Date: Thu, 12 Mar 2009 08:48:17 +0200
From: Artis Caune <artis.caune@gmail.com>
To: Gianni <gdoe6545@yahoo.it>
Cc: freebsd-pf@freebsd.org
Subject: Re: duplicate nat rules listed by pfctl
Message-ID: <9e20d71e0903112348m52e9020cybd37b7333a298d52@mail.gmail.com>
In-Reply-To: <7B51D53B-224C-4887-A017-AF136264F4A9@yahoo.it>
References: <6BCCA4DE-FD38-494B-A947-4C1D63775A1A@yahoo.it> <20090311195007.GE3436@verio.net> <7B51D53B-224C-4887-A017-AF136264F4A9@yahoo.it>
2009/3/12 Gianni <gdoe6545@yahoo.it>:
> On 11/mar/09, at 20:50, David DeSimone wrote:
> int_if = "vr0"
> localnet = $int_if:network
>
> From your question I now see the answer:
>
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
> inet 192.168.200.250 netmask 0xffffff00 broadcast 192.168.200.255
> inet 192.168.200.249 netmask 0xffffff00 broadcast 192.168.200.255
>
> I've got 2 ip addresses on the interface and the :network shortcut does not
> take into account that they are part of the same subnet.
> If I do localnet = "192.168.200.0/24" it's fine, I don't get duplicate
> entries.
You can use tables, so duplicates are skipped:

    int_if = "vr0"
    table <localnet> const { $int_if:network }
    nat on $ext_if from <localnet> to any -> ($ext_if)

--
regards,
Artis Caune
<----. CCNA | BSDA
<----|====================
<----' didii FreeBSD
