why pf nat two different ip address to one ip address with different port number?

s m sam.gh1986 at gmail.com
Sun Nov 1 06:26:22 UTC 2015


hello everybody

i wanna nat my local addresses with pf but i have a strange problem. this
is my pf.conf file:

table <1> { 20.3.3.10 }
nat on 'gbeth2' from { 10.3.3.0/24} to any -> <1> round-robin sticky-address


i wanna have static nat with just one ip address (20.3.3.10). with these
rules i expect the first system which sends a packet to my freebsd system to
nat to 20.3.3.10 and the second system not to nat, since we have no free ip
address. but what has happened is totally different! the second one nats to
the same ip address but with a different port number, like this:

all icmp 20.3.3.10:48401 (10.3.3.2:27943) -> 20.3.3.1:48401 0:0
all icmp 20.3.3.10:58435 (10.3.3.1:3706) -> 20.3.3.1:58435 0:0

would you please tell me what is wrong with my pf.conf rules? how can i
prevent this? i want to nat just the first system which requests it and
ignore the request from the second system. it should be possible, isn't it?

any comments or hints are appreciated.
SAM
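An added pf.conf fragment, not from the original post, showing how a single-host translation is normally expressed in FreeBSD pf; it reuses the poster's interface name and addresses and assumes 10.3.3.2 is the one host that should be translated:

```pf
# A translation pool is a pool of *addresses*; pf allocates the source
# port for every new state on its own. A one-address pool is therefore
# never "used up": each new flow is mapped to 20.3.3.10 with a fresh
# port, which is exactly what the pfctl -ss output above shows.
ext_if = "gbeth2"
lan_net = "10.3.3.0/24"
natted_host = "10.3.3.2"   # assumption: the single host to translate

# Option A: many-to-one NAT, but only for the chosen host.
# Other LAN hosts do not match and are left untranslated.
nat on $ext_if from $natted_host to any -> 20.3.3.10

# Option B: a static 1:1 mapping instead (no port rewriting).
# Use either A or B for the same host, not both.
# binat on $ext_if from $natted_host to any -> 20.3.3.10

# Without a matching nat rule the remaining LAN hosts would leave
# $ext_if with their private source address; drop them explicitly
# so nothing untranslated escapes.
block out quick on $ext_if from $lan_net to any
pass out on $ext_if from 20.3.3.10 to any keep state
```

Check the result with `pfctl -sn` (translation rules) and `pfctl -ss` (states); only flows from 10.3.3.2 should appear with 20.3.3.10 as their translated address.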
