> my current pf.conf:
> ext_if="pppoe0"
> int_if="dc0"
> localnet=$int_if:network
>
> nat on $ext_if from $localnet to any -> ($ext_if)
> block all
> pass from { lo0, $localnet } to any keep state
>

I think there must be another line:

    pass out on $ext_if all

Because "nat" processes packets _before_ the filter rules, thus the outgoing packets on $ext_if have the address of $ext_if. They will be blocked, because your only "pass" rule is for packets with an internal source address.

Jochen
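
The evaluation order described in the reply above, as a small Python model added here for illustration (not part of the original thread and not pf's own code). The addresses are constructed sample values, the rule tuples and function names are hypothetical, and state tracking is left out so that only the NAT-then-filter ordering is shown.

```python
import ipaddress

# Constructed sample addressing (assumptions, not from the thread).
LOCALNET = ipaddress.ip_network("192.168.1.0/24")  # stands in for $int_if:network
LO0 = ipaddress.ip_network("127.0.0.1/32")         # stands in for lo0
EXT_ADDR = ipaddress.ip_address("203.0.113.5")     # stands in for ($ext_if)

# Filter rule: (action, direction, interface, source networks); None = any.
POSTED = [
    ("block", None, None, None),                # block all
    ("pass", None, None, [LO0, LOCALNET]),      # pass from { lo0, $localnet } to any
]
FIXED = POSTED + [("pass", "out", "pppoe0", None)]  # pass out on $ext_if all

def nat(src, direction, iface):
    """nat on $ext_if from $localnet to any -> ($ext_if); runs before the filter."""
    if direction == "out" and iface == "pppoe0" and src in LOCALNET:
        return EXT_ADDR
    return src

def filter_verdict(rules, src, direction, iface):
    """Evaluate every rule; the last one that matches decides (no 'quick')."""
    verdict = "pass"  # pf passes a packet that no rule matches
    for action, r_dir, r_if, r_src in rules:
        if r_dir is not None and r_dir != direction:
            continue
        if r_if is not None and r_if != iface:
            continue
        if r_src is not None and not any(src in net for net in r_src):
            continue
        verdict = action
    return verdict

def forward(rules, src):
    """Trace a LAN packet routed out: in on dc0, then out on pppoe0."""
    src = ipaddress.ip_address(src)
    hops = []
    for direction, iface in (("in", "dc0"), ("out", "pppoe0")):
        seen = nat(src, direction, iface)  # address the filter rules see
        verdict = filter_verdict(rules, seen, direction, iface)
        hops.append((direction, iface, str(seen), verdict))
        if verdict == "block":
            break
    return hops

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("fixed", FIXED)):
        print(name, forward(rules, "192.168.1.10"))
```

With the posted rules the trace ends in a block on pppoe0 because the filter sees the translated source address; with the extra line it passes.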

