From: s m
To: freebsd-pf@freebsd.org
Date: Sun, 31 Mar 2013 10:37:29 +0430
Subject: how access inside from outside when nat is done from inside to outside
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hello guys,

I am a newbie in pf and NAT and have some problems with it. I want to NAT inside traffic to outside, and when I ping outside from inside, everything is OK and NAT is done perfectly. But when I ping inside from outside, request packets are sent without any NAT translation while reply packets are NATed, and therefore the outside system cannot recognize the reply packets and does not accept them.

These are example pf packets which are received on an outside system when it pings an inside system:

request packets: src: 192.168.2.1 ----> dst: 192.168.1.1
reply packets: src: 192.168.2.50 ----> dst: 192.168.2.1

Is this correct behavior or not? And if it is correct, does it mean that when I configure NAT for traffic from inside to outside, I cannot access inside systems from outside? (On a Cisco router we can do it.) Please let me know if I am misunderstanding.

Thanks