On Sun, May 17, 2009 at 01:38:07PM +0000, Stuart Henderson wrote: > On 2009-05-17, Felipe Alfaro Solana <[email protected]> wrote: > > > > The problem with incorrectly-sourced IP datagrams seems to be NAT: > > > > nat on vr2 inet from 172.16.0.1/24 to any -> (vr2) round-robin > > > > This rule is created as: > > > > nat on $ext_if from $int_if:network to any -> ($ext_if) > > > > I understand the problem is the (vr2) round-robin. I have no idea, however, > > how to prevent PF from using the two IP addresses (the public IP and the IP > > alias). Any ideas how to force NAT to only use 1 IP address (the public IP > > address)? > > (vr2:0) >
May not work correctly when an address is reassigned because of the way how ifconfig vr0 delete works. It can happen that after a lease refresh the two networks are shuffled and so (vr2:0) may get the wrong address. -- :wq Claudio
