On Sun, Jul 31, 2011 at 02:04:35PM +0200, Peter N. M. Hansteen wrote:
> Ryan McBride <mcbr...@openbsd.org> writes:
> > Please try a newer snapshot, this bug was fixed in the following commit:
>
> Latest snapshot (date Jul 31) still loads
>
> match out log on $ext_if inet nat-to ($ext_if)
>
> as
>
> match out log on xl0 inet all nat-to (xl0) round-robin
This part of the behaviour is normal and has not changed (since the
commit below, I believe). On 4.9 I get the following:

i386-49$ echo "pass out on egress nat-to (egress)" | pfctl -vnf -
pass out on egress all flags S/SA keep state nat-to (egress) round-robin
i386-49$

The interface may have more than one address...

-------------------
CVSROOT:	/cvs
Module name:	src
Changes by:	mcbr...@cvs.openbsd.org	2010/01/11 20:20:52

Modified files:
	libexec/tftp-proxy: filter.c
	sbin/pfctl     : parse.y pfctl.c pfctl_optimize.c pfctl_parser.c
	                 pfctl_parser.h pfctl_table.c
	share/man/man4 : pf.4
	share/man/man5 : pf.conf.5
	sys/net        : pf.c pf_if.c pf_ioctl.c pf_lb.c pf_table.c pfvar.h
	usr.sbin/ftp-proxy: filter.c
	usr.sbin/relayd: pfe_filter.c

Log message:
First pass at removing the 'pf_pool' mechanism for translation and
routing actions. Allow interfaces to be specified in special table
entries for the routing actions. Lists of addresses can now only be
done using tables, which pfctl will generate automatically from the
existing syntax.

Functionally, this deprecates the use of multiple tables or dynamic
interfaces in a single nat or rdr rule.

ok henning dlg claudio
-------------------

> but NATed traffic is handled correctly AFAICS.
>
> So you should consider this bug closeable.

Thanks for confirming that it's fixed.