From owner-freebsd-pf@FreeBSD.ORG  Tue Oct 11 11:54:26 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2112116A41F
	for <freebsd-pf@freebsd.org>; Tue, 11 Oct 2005 11:54:26 +0000 (GMT)
	(envelope-from ai@bmc.brk.ru)
Received: from stalker.bmc.brk.ru (stalker.bmc.brk.ru [217.150.59.166])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A489343D4C
	for <freebsd-pf@freebsd.org>; Tue, 11 Oct 2005 11:54:25 +0000 (GMT)
	(envelope-from ai@bmc.brk.ru)
Date: Tue, 11 Oct 2005 15:54:21 +0400
From: Artemiev Igor <ai@bmc.brk.ru>
To: "Travis H." <solinym@gmail.com>
Message-Id: <20051011155421.4e3b69cb.ai@bmc.brk.ru>
In-Reply-To: <d4f1333a0510110337rd8ce894qd45b285c1715f9c3@mail.gmail.com>
References: <20051011121205.4dfa7cf2.ai@bmc.brk.ru>
	<d4f1333a0510110336r71fae318w2d420a647a2e9c4b@mail.gmail.com>
	<d4f1333a0510110337rd8ce894qd45b285c1715f9c3@mail.gmail.com>
Organization: Bryansk Medical Center
X-Mailer: Sylpheed version 2.0.0beta4 (GTK+ 2.6.8; i386-portbld-freebsd5.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-pf@freebsd.org
Subject: Re: NAT states
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2005 11:54:26 -0000

On Tue, 11 Oct 2005 05:37:48 -0500
"Travis H." <solinym@gmail.com> wrote:
> Oh, also another thing; do you initialize table <locals> somewhere?
> If it is empty, nothing will match NAT rule.
NAT state didn`t match, i see it by pfctl -vs state and packet dropped. 
Consequently, nat is not working without an explicit rule for incoming
traffic lan->internet on $lanif, and incoming internet->lan on $extif,
in spite of created state and "pass" existing in nat rule. Why is that
so?

-- 
iprefetch ai