From owner-freebsd-pf@FreeBSD.ORG  Wed Jul 26 17:07:49 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4DDAA16A4DD
	for <freebsd-pf@freebsd.org>; Wed, 26 Jul 2006 17:07:49 +0000 (UTC)
	(envelope-from lyndon@orthanc.ca)
Received: from orthanc.ca (orthanc.ca [209.89.70.53])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9047543D53
	for <freebsd-pf@freebsd.org>; Wed, 26 Jul 2006 17:07:48 +0000 (GMT)
	(envelope-from lyndon@orthanc.ca)
Received: from localhost (localhost [127.0.0.1]) (authenticated bits=0)
	by orthanc.ca (8.13.4/8.13.4) with ESMTP id k6QH7gXs025328
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Wed, 26 Jul 2006 11:07:44 -0600 (MDT)
	(envelope-from lyndon@orthanc.ca)
Date: Wed, 26 Jul 2006 11:07:42 -0600 (MDT)
From: Lyndon Nerenberg <lyndon@orthanc.ca>
To: "Travis H." <solinym@gmail.com>
In-Reply-To: <d4f1333a0607260239m5059f200j3447025bbeceea77@mail.gmail.com>
Message-ID: <20060726110541.K25284@orthanc.ca>
References: <44C71D8F.9090007@sailorfej.net>
	<d4f1333a0607260239m5059f200j3447025bbeceea77@mail.gmail.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,SPF_PASS 
	autolearn=ham version=3.1.3
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on orthanc.ca
Cc: freebsd-pf@freebsd.org
Subject: Re: nat/outbound traffic not passing in pf on FreeBSD 6.1
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jul 2006 17:07:49 -0000

> Well this is a silly question, but perhaps traffic is being passed
> out, but the responses can't get back in?  It's not clear to me how
> you expected responses to get in without a "keep state" on an outbound
> rule.

In the OpenBSD implementation, the 'nat' statement implicitly enables 
'keep state' behaviour, therefore a separate rule is not required.

--lyndon