duplicate nat rules listed by pfctl
Artis Caune
artis.caune at gmail.com
Wed Mar 11 23:48:19 PDT 2009
2009/3/12 Gianni <gdoe6545 at yahoo.it>:
> On 11/mar/09, at 20:50, David DeSimone wrote:
> int_if = "vr0"
> localnet = $int_if:network
>
> From your question I now see the answer:
>
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
> inet 192.168.200.250 netmask 0xffffff00 broadcast 192.168.200.255
> inet 192.168.200.249 netmask 0xffffff00 broadcast 192.168.200.255
>
> I've got 2 ip addresses on the interface and the :network shortcut does not
> take into account that they are part of the same subnet.
> If I do localnet = "192.168.200.0/24" it's fine, I don't get duplicate
> entries.
You can use tables, so duplicates are skipped:
int_if = "vr0"
table <localnet> const { $int_if:network }
nat on $ext_if from <localnet> to any -> ($ext_if)
--
regards,
Artis Caune
<----. CCNA | BSDA
<----|====================
<----' didii FreeBSD
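An added illustration (not code from the thread or from pf itself) of why the macro form yields two identical nat rules for the ifconfig output quoted above, while a table, being a set, keeps one entry. The expansion logic only mimics pf's `$if:network` behaviour, and the external interface name `re0` is an assumed placeholder.

```python
import ipaddress
import re

# Constructed copy of the vr0 ifconfig output quoted in the thread.
IFCONFIG_VR0 = """\
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        inet 192.168.200.250 netmask 0xffffff00 broadcast 192.168.200.255
        inet 192.168.200.249 netmask 0xffffff00 broadcast 192.168.200.255
"""

# Matches "inet <addr> netmask 0x<hexmask>" lines (not inet6 lines).
INET_RE = re.compile(r"^\s*inet (\S+) netmask 0x([0-9a-f]{8})", re.M)


def interface_networks(ifconfig_text):
    """One network per configured inet address, in order: this mirrors how
    `$if:network` expands (one entry per address, same subnet or not)."""
    nets = []
    for addr, hexmask in INET_RE.findall(ifconfig_text):
        mask = ipaddress.IPv4Address(int(hexmask, 16))  # 0xffffff00 -> 255.255.255.0
        net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        nets.append(str(net))
    return nets


def nat_rules_from_macro(ifconfig_text, ext_if="re0"):
    """Macro form: one nat rule per expanded address, so two addresses in
    the same /24 produce two identical rules (what pfctl listed)."""
    return [f"nat on {ext_if} from {net} to any -> ({ext_if})"
            for net in interface_networks(ifconfig_text)]


def nat_rules_from_table(ifconfig_text, ext_if="re0"):
    """Table form: table entries are a set, so the duplicate collapses and a
    single rule references <localnet>."""
    entries = sorted(set(interface_networks(ifconfig_text)))
    return entries, [f"nat on {ext_if} from <localnet> to any -> ({ext_if})"]


if __name__ == "__main__":
    for rule in nat_rules_from_macro(IFCONFIG_VR0):
        print(rule)
    entries, rules = nat_rules_from_table(IFCONFIG_VR0)
    print("table <localnet> const {", ", ".join(entries), "}")
    print(rules[0])
```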