On Thu, Jan 21, 2016 at 12:25:16AM +0800, zje.net.cn wrote:
> Sorry, I had tried many times with inspecting all settings, but can't make
> the NAT well done yet. In this environment, my haproxy is working well, so I
> think the base network settings are good.

As long as you're not providing any further information, we're left to
speculate as to the real reason.

I've already told you the basic steps, but as to the PF part, I'd start with a 
block, then open the stuff I need, as in

int_if = "de1"    #10.0.11.200
ext_if = "de2"   #61.xxx.xx.xx
int_net = "10.0.11.0/24"

block
match out on egress inet nat-to $ext_if
pass inet from $int_net 

(hint: careful where you block and where you pass)

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
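
The block-first approach from the reply above, written out as a complete pf.conf for the two-interface gateway in the thread. This is an added example, not part of the original message: the interface names and network come from the thread, while `set skip`, the logging, the per-direction pass rules and the listed checks are assumptions about the setup.

```pf
# Added example, not from the original message. Interface names and the
# internal network are the ones quoted in the thread; everything else is
# an assumption about a two-interface OpenBSD gateway.
int_if  = "de1"            # 10.0.11.200, faces the internal network
ext_if  = "de2"            # 61.xxx.xx.xx, faces the Internet
int_net = "10.0.11.0/24"

set skip on lo             # never filter loopback

# Default deny, logged so dropped packets show up on pflog0.
block log all

# match only records the translation; it does not pass anything.
# ($ext_if) in parentheses follows the interface address if it changes.
match out on $ext_if inet from $int_net nat-to ($ext_if)

# Inbound leg: internal hosts arriving on the internal interface
# (this also lets them reach the gateway itself).
pass in on $int_if inet from $int_net

# Outbound leg: rules after a nat-to match see the packet as it looks
# after translation, so filter on the translated source address here,
# not on $int_net.
pass out on $ext_if inet from ($ext_if)

# Checks, run as root. Forwarding must be enabled for any of this to
# route packets: sysctl net.inet.ip.forwarding=1
#   pfctl -nf /etc/pf.conf         parse only, report syntax errors
#   pfctl -f /etc/pf.conf          load the ruleset
#   pfctl -sr                      show the loaded rules
#   pfctl -ss                      show states, including NAT mappings
#   tcpdump -n -e -ttt -i pflog0   watch what the block rule drops
```

If traffic still fails, the pflog0 output shows which interface and direction the block rule caught, which is usually enough to tell a missing pass rule from a routing or forwarding problem.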
