New Translation Options in PF

2009-09-05 Thread Anathae Townsend
My OpenBSD 4.6 current firewall is currently designed to service 
three internal networks, 192.168.0.0/24, 192.168.1.0/24, 
192.168.2.0/24. I have assigned the group external to my connection
to my ISP.

Using the following, I'm able to have internal connections to use
network address translation with the outside world.

table  {192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24}
match out on external from  nat-to (external)

This works, however, when I do a sudo pfctl -s rules the match rule
is displayed as

match out on external from  to any nat-to (external) round-robin

Should round-robin be showing up in the rule?

Anathae



Re: New Translation Options in PF

2009-09-05 Thread Jussi Peltola
On Sat, Sep 05, 2009 at 05:37:58AM -0600, Anathae Townsend wrote:
> match out on external from  to any nat-to (external) round-robin

IIRC it's been that way as long as I can remember, if you only have one
address round-robin doesn't really do anything. 

-- 
Jussi Peltola



Re: New Translation Options in PF

2009-09-05 Thread Scott McEachern

Anathae Townsend wrote:

match out on external from  to any nat-to (external) round-robin

Should round-robin be showing up in the rule?

Remove the parentheses on external and it will use the first IP assigned 
to external and not use round-robin.


--

- RSM

http://www.erratic.ca



Re: New Translation Options in PF

2009-09-06 Thread Stuart Henderson
On 2009-09-05, Scott McEachern  wrote:
> Anathae Townsend wrote:
>> match out on external from  to any nat-to (external) round-robin
>>
>> Should round-robin be showing up in the rule?
>>
>>   
> Remove the parentheses on external and it will use the first IP assigned 
> to external and not use round-robin.
>

Or do (external:0) and it will use only the first address, but still
track any changes while the system is running.
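Putting the three replies side by side, the following pf.conf fragment (an added example, not posted by anyone in this thread) shows the three ways of writing the nat-to address and what each one does. The interface group name external is taken from the original post; the table name <internal_nets> is an assumption, since the table name did not survive in the archived messages.

```pf
# Added example, not from the thread. The table name is assumed; the
# group name "external" and the three RFC 1918 networks are from the
# original post. Syntax is the OpenBSD 4.6 "match ... nat-to" form.

table <internal_nets> { 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24 }

# 1. Interface in parentheses (the original post): pf tracks the
#    interface's addresses while the ruleset is loaded and translates
#    to all of them, aliases included. Because that is a list of
#    addresses, nat-to defaults to round-robin, which is why
#    "pfctl -s rules" prints "nat-to (external) round-robin" even
#    when the interface currently has only one address.
match out on external from <internal_nets> to any nat-to (external)

# 2. No parentheses (Scott McEachern's suggestion): the name is resolved
#    once, when the ruleset is loaded, to the first address of the
#    interface, and that address is baked into the rule. No round-robin,
#    but if the ISP hands out a new address the rule keeps translating
#    to the old one until the ruleset is reloaded.
# match out on external from <internal_nets> to any nat-to external

# 3. Parentheses with :0 (Stuart Henderson's suggestion): still tracks
#    address changes at run time, but ":0" excludes interface aliases,
#    so only the first address is used and round-robin is never needed.
# match out on external from <internal_nets> to any nat-to (external:0)

# A match rule only sets the translation; a later pass rule must still
# accept the packet for the nat-to to take effect.
pass out on external
```

Load the candidate ruleset with a syntax check first (pfctl -nf /etc/pf.conf) and then compare pfctl -s rules, as in the original post: the loaded form is what pf actually uses, so that is where the presence or absence of round-robin, and of the resolved address in form 2, shows up.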