pf, nat, 2 public IP-addresses

Daniel Hartmeier daniel at benzedrine.cx
Sun Nov 27 07:25:11 GMT 2005


Can you reproduce the problem (create one connection), then run
pfctl -vsn (entire output) and pfctl -vss (the state using the wrong
source address)?

The connection might match the wrong nat rule (unlike filter rules,
translation rules are first-match).

Or the connection might not be nat'ed at all. Are the two proxies you
mentioned running on the same box as pf? Why do you need to nat at all?
Because you can't bind(2) one's outgoing connections to the alias
address? So you want to replace source 1.2.3.2 with 1.2.3.3 for these
connections?

Daniel
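The first-match behaviour of translation rules mentioned in the message, shown as an added example that is not part of the original message or the poster's ruleset. The interface name `em0`, the catch-all rule and port 80 are assumptions; the addresses 1.2.3.2 and 1.2.3.3 are the ones used in the message.

```conf
# Constructed pf.conf fragment. em0 and port 80 are assumptions.
ext_if = "em0"

# Order A (problem): translation stops at the first matching rule, so the
# catch-all rule translates every connection and the specific rule below it
# is never reached. Left commented out so the fragment loads as Order B.
#   nat on $ext_if inet from any to any -> 1.2.3.2
#   nat on $ext_if inet proto tcp from 1.2.3.2 to any port 80 -> 1.2.3.3

# Order B (corrected): the specific rule comes first, the catch-all last.
# A filter ruleset would be written the other way round, because filter
# rules are last-match unless "quick" is used.
nat on $ext_if inet proto tcp from 1.2.3.2 to any port 80 -> 1.2.3.3
nat on $ext_if inet from any to any -> 1.2.3.2
```

After loading, `pfctl -vsn` lists the translation rules in evaluation order, and `pfctl -vss` shows which source address a given state actually received.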

