From owner-freebsd-current@FreeBSD.ORG Tue Aug 9 04:51:00 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8027216A41F for ; Tue, 9 Aug 2005 04:51:00 +0000 (GMT) (envelope-from ai@bmc.brk.ru) Received: from stalker.bmc.brk.ru (stalker.bmc.brk.ru [217.150.59.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DC4043D45 for ; Tue, 9 Aug 2005 04:50:59 +0000 (GMT) (envelope-from ai@bmc.brk.ru) Date: Tue, 9 Aug 2005 08:50:57 +0400 From: Artemiev Igor To: freebsd-current@freebsd.org Message-Id: <20050809085057.66b10fe7.ai@bmc.brk.ru> Organization: Bryansk Medical Center X-Mailer: Sylpheed version 2.0.0beta4 (GTK+ 2.6.8; i386-portbld-freebsd5.4) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: "Nat pass" not working in pf? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Aug 2005 04:51:00 -0000 nat pass on fxp0 proto tcp from (ed0:network) to any -> (fxp0:0) static-port Still, filtering rules are still being used. I create rule: "pass in log quick on ed0 from (ed0:network) to any keep-state allow-opts By pfctl -s state I can see, that state for packet is created, but incoming packets are not using it, because they are being dropped on external interface fxp0, despite the "set state-policy floating". -- iprefetch ai