Hello!

Among the documentation about npf, another very useful document is:
<http://www.netbsd.org/~rmind/pub/npf_manual_netbsd_6.pdf>

As it is written here, and exactly as Martin said in a previous thread, `pass stateful out all' ``allows the packet to go out, and also creates a NAT state entry so any answers are allowed back in''.

But also this line enables NAT:

    map $ext_if dynamic $localnet -> $ext_if

So, assume that my npf.conf has:

    map $ext_if dynamic $localnet -> $ext_if
    group (name "external", interface $ext_if) {
        pass stateful out all
    }

Given the `map' line which creates a NAT, is `pass stateful out all' (which allows any packet creating a NAT) really necessary? A NAT has already been created with `map'. Or, vice versa, with `pass stateful out all', is `map' really necessary?

Rocky
