From: Gianni
To: freebsd-pf@freebsd.org
Date: Wed, 11 Mar 2009 20:11:05 +0100
Subject: duplicate nat rules listed by pfctl
Message-Id: <6BCCA4DE-FD38-494B-A947-4C1D63775A1A@yahoo.it>
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

With the following nat rules pfctl lists duplicate entries, can anyone
explain why this is?

ext_if = "tun0"
nat on $ext_if from $localnet to any -> ($ext_if)
no nat on $ext_if from $localnet to $vpn_nets

# pfctl -s nat
nat on tun0 inet from 192.168.200.0/24 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.200.0/24 to any -> (tun0) round-robin
no nat on tun0 inet from 192.168.200.0/24 to 192.168.0.0/24
no nat on tun0 inet from 192.168.200.0/24 to 192.168.0.0/24