Date: Sun, 1 Nov 2015 09:56:19 +0330
Subject: why pf nat two different ip address to one ip address with different port number?
From: s m
To: freebsd-pf, freebsd-questions

Hello everybody,

I wanna NAT my local addresses with pf, but I have a strange problem. This is my pf.conf file:

    table <1> { 20.3.3.10 }
    nat on 'gbeth2' from { 10.3.3.0/24} to any -> <1> round-robin sticky-address

I wanna have static NAT with just one IP address (20.3.3.10). With these rules I expect the first system which sends a packet to my FreeBSD system to NAT to 20.3.3.10, and the second system not to NAT, since we have no free IP address. But what happened is totally different! The second one NATs to the same IP address but with a different port number, like this:

    all icmp* 20.3.3.10:48401 * (10.3.3.2:27943) -> 20.3.3.1:48401 0:0
    all icmp *20.3.3.10:58435 * (10.3.3.1:3706) -> 20.3.3.1:58435 0:0

Would you please tell me what is wrong with my pf.conf rules? How can I prevent this? I want to NAT just the first system which requests it and ignore the request from the second system. It should be possible, shouldn't it?

Any comments or hints are appreciated.

SAM