[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PF and two interfaces

On Friday, November 5, jared wrote:
> nat on $ext_if_sbc from $lan_net to any -> ($ext_if_sbc)
> nat on $ext_if_rcn from $lan_net to any -> ($ext_if_rcn)
  this second nat line isn't ever going to be evaluated by a packet
  seen, as nat rules are first-match:
     For each packet processed by the translator, the translation rules are
     evaluated in sequential order, from first to last.  The first matching
     rule decides what action is taken.
I'm sorry if I don't understand, but seems to me that if the traffic is
coming in on the rcn line then the first rule (sbc line) has no effect and
traffic is passed to the next rule for processing.