On Dec 11, 2007 2:43 PM, Russ Bennett <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I've set up a 1:1 NAT and entered in the rules. Nothing was getting
> through so I looked at the log and I can see the rule getting hit
> properly except within the log I get the following message

You are probably seeing evaluations, not matches. A packet can be evaluated against a rule and not match.

It's important to note that pf performs NAT first, then evaluates the packet against the ruleset. Thus, your rules need to reflect the post-NAT'd packet, not the pre-NAT'd packet. I.e., use the internal IP for the destination, not the external IP.

--Bill
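
The point made in the reply above, shown as a pf.conf fragment. This is an added example and not part of the original thread; the interface name, addresses and port are constructed, and the syntax is the classic `binat`/`pass` form used by FreeBSD pf.

```pf
# Constructed values (assumptions, not taken from the thread)
ext_if = "em0"              # WAN interface
ext_ip = "203.0.113.10"     # public address of the 1:1 mapping
int_ip = "192.168.1.10"     # internal host behind the mapping

# 1:1 NAT: inbound packets addressed to $ext_ip are rewritten to $int_ip
# before the filter rules below are evaluated.
binat on $ext_if from $int_ip to any -> $ext_ip

# Default deny with logging, so dropped packets show up in the pf log.
block in log on $ext_if all

# Written against the pre-NAT packet. By the time the filter runs, the
# destination has already been translated to $int_ip, so this rule is
# evaluated but never matches, and the packet falls to the block rule.
# pass in on $ext_if proto tcp from any to $ext_ip port 443 keep state

# Written against the post-NAT packet: the destination is the internal IP.
pass in on $ext_if proto tcp from any to $int_ip port 443 keep state
```

`pfctl -nf <file>` parses a ruleset without loading it, and `pfctl -vvsr` shows per-rule evaluation and packet counters, which makes the difference between a rule being evaluated and a rule matching visible.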