Date: Thu, 12 Mar 2009 08:48:17 +0200
From: Artis Caune <artis.caune@gmail.com>
To: Gianni <gdoe6545@yahoo.it>
Cc: freebsd-pf@freebsd.org
Subject: Re: duplicate nat rules listed by pfctl
Message-ID: <9e20d71e0903112348m52e9020cybd37b7333a298d52@mail.gmail.com>
In-Reply-To: <7B51D53B-224C-4887-A017-AF136264F4A9@yahoo.it>
References: <6BCCA4DE-FD38-494B-A947-4C1D63775A1A@yahoo.it> <20090311195007.GE3436@verio.net> <7B51D53B-224C-4887-A017-AF136264F4A9@yahoo.it>

2009/3/12 Gianni <gdoe6545@yahoo.it>:
> On 11/mar/09, at 20:50, David DeSimone wrote:
> int_if = "vr0"
> localnet = $int_if:network
>
> From your question I now see the answer:
>
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>        options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
>        inet 192.168.200.250 netmask 0xffffff00 broadcast 192.168.200.255
>        inet 192.168.200.249 netmask 0xffffff00 broadcast 192.168.200.255
>
> I've got 2 ip addresses on the interface and the :network shortcut does not
> take into account that they are part of the same subnet.
> If I do localnet = "192.168.200.0/24" it's fine, I don't get duplicate
> entries.

you can use tables, so duplicates are skipped:

int_if = "vr0"
table <localnet> const { $int_if:network }
nat on $ext_if from <localnet> to any -> ($ext_if)

-- 
regards,
Artis Caune

<----.     CCNA | BSDA
<----|====================
<----'     didii FreeBSD
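
The cause discussed in this thread, as an added example that is not part of the original message: a Python check that reads the `inet` lines of `ifconfig` output, computes the network each address belongs to, and flags networks that appear more than once. Treating `$int_if:network` as one entry per address and a table as a de-duplicated set is an assumption based on the behaviour reported above; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the ifconfig output for vr0 quoted in the message above.
IFCONFIG_VR0 = """\
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        inet 192.168.200.250 netmask 0xffffff00 broadcast 192.168.200.255
        inet 192.168.200.249 netmask 0xffffff00 broadcast 192.168.200.255
"""

# FreeBSD ifconfig prints IPv4 netmasks as 0x-prefixed hex.
INET_RE = re.compile(r"^\s*inet\s+(\S+)\s+netmask\s+(0x[0-9a-fA-F]{8})\b", re.M)


def networks_per_address(ifconfig_text):
    """One network per 'inet' line, in order (assumed model of $int_if:network)."""
    nets = []
    for addr, hexmask in INET_RE.findall(ifconfig_text):
        mask = ipaddress.IPv4Address(int(hexmask, 16))
        nets.append(ipaddress.IPv4Interface(f"{addr}/{mask}").network)
    return nets


def duplicated_networks(nets):
    """Networks that appear more than once, i.e. would yield repeated rules."""
    return [net for net, count in Counter(nets).items() if count > 1]


def table_entries(nets):
    """A table keeps each network once, like table <localnet> in the reply."""
    return sorted(set(nets))


if __name__ == "__main__":
    nets = networks_per_address(IFCONFIG_VR0)
    print("macro expansion, one nat rule per entry:")
    for net in nets:
        print(f"  nat on $ext_if from {net} to any -> ($ext_if)")
    for net in duplicated_networks(nets):
        print(f"duplicate: {net} is listed {nets.count(net)} times")
    print("table <localnet> entries:", [str(n) for n in table_entries(nets)])
```

Running the same check against each interface referenced with `:network` in a ruleset shows in advance which macros will expand to repeated rules.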