From: h bagade
Date: Sun, 25 Sep 2011 13:38:58 +0330
To: freebsd-pf@freebsd.org
Subject: problem in defining pool ip addresses in the round robin manner

Hi all,

I've noticed that there is no way to define pool addresses in the format of networks when it is in round-robin mode. Is this true?

I want to NAT IP addresses into a range of IP addresses in a round-robin manner. In the case of round robin I have to list the IP addresses one by one on the right side of the nat rule, which is not optimal compared with defining them as network addresses!

For instance, I want to NAT IP addresses from the 192.168.0.0/24 network to the range of 10.10.10.1 - 10.10.20.20 IP addresses in round robin. In the pf rule I have to list the IP addresses in the range one by one, like this:

    nat on $ext_if from { 192.168.0.0/24} to any -> {10.10.10.1, 10.10.10.2, ...., 10.10.10.254, 10.10.11.1, ...., 10.10.20.20}

The number of IP addresses on the right side is more than 2550, which could be reduced drastically by defining network addresses {e.g. 10.10.10.0/24, 10.10.11.0/24, ... }.

Is my understanding correct, or is there a simpler solution for this situation?

Any comments or hints are appreciated.