On Saturday, Jul 26, 2003, at 22:23 US/Pacific, Melameth, Daniel D. wrote:

On Saturday, July 26, 2003 9:49 PM, Trevor Talbot wrote:
The following snippets DO NOT work fine under 3.3 stable (on similar machine):

nat on $ext inet proto udp from $ipp port = 5004 to $ipc -> $ext port 5004
nat on $ext inet proto udp from $ipp port = 5567 to $ipc -> $ext port 5567

# pfctl -s all
...
nat on ep1 inet proto udp from 172.30.0.127 port = 5004 to 191.255.255.1 -> 223.255.255.1 port 5004:35859
nat on ep1 inet proto udp from 172.30.0.127 port = 5567 to 191.255.255.1 -> 223.255.255.1 port 5567:48917

Did you upgrade pfctl too? It had a bug that caused it to set the second port incorrectly.

As far as I can tell I did both userland and the kernel via CVS.

Ah, turns out this is a different bug. It's been fixed in -current, but hasn't reached -stable. Yet. Again. Does someone not like Ryan McBride's patches? :)


http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/parse.y.diff?r1=1.373&r2=1.374

For what you're doing, using the static-port option instead of a specific port should also work.

I'm not familiar with this, would you please give me an example?

nat on $ext inet proto udp from $ipp port = 5004 to $ipc -> $ext static-port


This option causes nat to keep the source port the same, instead of rewriting it as usual.
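
A check for the symptom shown in the `pfctl -s all` output above, as an added example that is not part of the original message or of OpenBSD: it scans loaded nat rules and reports those whose translation port was configured as a single port but loaded as a `low:high` range. The function name, the regular expression, and the third sample line are assumptions based only on the output format visible in this thread.

```python
import re

# Sample input: the two loaded rules quoted in the thread, plus one constructed
# line (assumption: a correctly loaded single-port rule prints as "port N").
SAMPLE = """\
nat on ep1 inet proto udp from 172.30.0.127 port = 5004 to 191.255.255.1 -> 223.255.255.1 port 5004:35859
nat on ep1 inet proto udp from 172.30.0.127 port = 5567 to 191.255.255.1 -> 223.255.255.1 port 5567:48917
nat on ep1 inet proto udp from 172.30.0.127 port = 6000 to 191.255.255.1 -> 223.255.255.1 port 6000
"""

# Translation part of a nat rule: "-> <addr> port <low>[:<high>]" at end of line.
_XLATE = re.compile(r"->\s+(\S+)\s+port\s+(\d+)(?::(\d+))?\s*$")


def find_widened_ports(loaded_rules, expected_ports):
    """Return (line_no, low, high) for each nat rule whose translation port is
    in expected_ports (configured as a single port) but was loaded as low:high."""
    findings = []
    for line_no, line in enumerate(loaded_rules.splitlines(), start=1):
        if not line.startswith("nat "):
            continue  # only nat rules are of interest here
        m = _XLATE.search(line)
        if m is None:
            continue  # no explicit translation port, e.g. a static-port rule
        low = int(m.group(2))
        high = int(m.group(3)) if m.group(3) else low
        if low in expected_ports and high != low:
            findings.append((line_no, low, high))
    return findings


if __name__ == "__main__":
    for line_no, low, high in find_widened_ports(SAMPLE, {5004, 5567, 6000}):
        print(f"line {line_no}: configured port {low}, loaded as {low}:{high}")
```
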
