NAPT on a routed address pool: problem with the broadcast address

Antonio Bonifati ant at cc-ict-sud.it
Fri Apr 30 10:04:02 UTC 2010


Hi to all.
I have a question relating to NAPT on an address pool. I'm using PF with a
rule like this:

nat on $my_outbound_if from $my_internal_net to any -> $my_CIDR_pool source-hash

My internal net has more private IPs than those of the public pool.

In order for this to work I've noticed all the pool's addresses must be
bound to my outbound router interface.

This worked for me when my router was connected to a switch. But now it is
connected to another router. They gave me a CIDR pool but the broadcast
address is not routed and I cannot configure it as an alias of course.

How can I use my full CIDR pool with source-hash natting? I'm experiencing
random connection freezes when I use the above rule. I believe this happens
because PF selects the broadcast address for some mappings.

BTW why does PF require that only a CIDR pool must be used with source-hash?
Could something be done on the other side to work this problem out? E.g. is
it possible to configure a router to also route the broadcast address in a
static route?

thanks for helping
--
Antonio Bonifati
BLOG: http://antonio-bonifati.blogspot.com
My profile: http://www.google.com/profiles/antonio.bonifati
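As an added illustration of the hypothesis in the post above (this is not code from the post or from PF), the model below maps internal sources onto a CIDR pool with a keyed hash taken over the whole block, the way a block-wide hash would, and then onto the usable hosts only. The pool, the hash key and the internal addresses are constructed values; the hash itself is a stand-in for PF's, not its actual algorithm.

```python
"""Model of source-hash NAT over a CIDR pool (added example, not from the post).

Simplified model: a keyed SHA-256 stands in for PF's hash. The structural point
is that an index taken over every address of the block can land on the
network and broadcast addresses, and that a given internal host always lands
on the same pool address, so a "random" freeze is deterministic per source.
"""
import hashlib
import ipaddress

POOL = ipaddress.ip_network("203.0.113.8/29")   # constructed /29 pool
KEY = b"constructed-key"                          # stands in for a hash key


def _index(src, key, modulus):
    digest = hashlib.sha256(key + ipaddress.ip_address(src).packed).digest()
    return int.from_bytes(digest[:4], "big") % modulus


def pick_pool_address(src, pool, key=KEY):
    """Map a source over the whole block: network/broadcast are candidates."""
    return pool.network_address + _index(src, key, pool.num_addresses)


def pick_usable_address(src, pool, key=KEY):
    """Map a source over the host addresses only (the ones bindable as aliases)."""
    hosts = list(pool.hosts())
    return hosts[_index(src, key, len(hosts))]


def unroutable_sources(sources, pool, picker=pick_pool_address):
    """Sources whose mapped address is the network or broadcast address."""
    bad = {pool.network_address, pool.broadcast_address}
    return sorted((s for s in sources if picker(s, pool) in bad),
                  key=lambda s: ipaddress.ip_address(s).packed)


if __name__ == "__main__":
    internal = [str(h) for h in ipaddress.ip_network("192.168.1.0/24").hosts()]
    stuck = unroutable_sources(internal, POOL)
    print(f"{len(stuck)} of {len(internal)} internal hosts map to an unroutable address")
    print("with host-only selection:", unroutable_sources(internal, POOL, pick_usable_address))
```

Run as a script, it lists how many constructed internal hosts would always be translated to the network or broadcast address of the pool, and shows that selecting only from the pool's host addresses leaves none.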

