From owner-freebsd-pf@FreeBSD.ORG Tue Nov 20 00:46:53 2012
Date: Mon, 19 Nov 2012 19:46:52 -0500
From: Kevin Wilcox <kevin.wilcox@gmail.com>
To: fox@verio.net, Peter McAlpine, freebsd-pf@freebsd.org
Subject: Re: Routing return NAT traffic based on interface
In-Reply-To: <20121119235601.GK2692@verio.net>
References: <20121119235601.GK2692@verio.net>
List-Id: "Technical discussion and general questions about packet filter (pf)"

On 19 November 2012 18:56, David DeSimone wrote:

> This doesn't seem right, because even traffic coming in via the external
> interface will have its target IP changed to be the router, even if
> it is destined for some other place. Previously you were using "from
> $int_if:network" to prevent this from happening to other traffic, but
> without that restriction, every packet would be subject to NAT.

My assumption was that the traffic coming in on the external interface is already destined for the outside IP of the router, unless he's doing some really funky stuff on both sides ;)

It sounded like he wanted to NAT anything coming from the inside interface and then anything on the outside that wasn't return NAT traffic was supposed to terminate on the router, but I've been known to have clogged ears and awfully poor eyesight.

kmw
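The contrast David raises, as an added pf.conf illustration that is not from this thread and does not reproduce Peter's actual ruleset: it assumes a router with one inside interface (em1) and one outside interface (em0), and shows the unrestricted nat rule beside the one that keeps the "from $int_if:network" source restriction.

```pf
# Added example, not from the original thread. Interface names are assumed.
ext_if = "em0"
int_if = "em1"

# Too broad: with no source restriction, every packet this rule matches
# leaving on $ext_if is translated, not only packets that originated on
# the inside network. Left commented out as the "before" form.
# nat on $ext_if from any to any -> ($ext_if)

# Restricted: only packets whose source address lies in the network
# attached to $int_if are translated; anything else that leaves $ext_if
# keeps its real source address, and return traffic for these states
# is reverse-translated by the same rule.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Filtering: deny what arrives on $ext_if by default, allow traffic that
# is addressed to the router's own outside address, and let the inside
# network out with state so the NAT replies are matched.
block in on $ext_if
pass in on $ext_if to ($ext_if) keep state
pass in on $int_if from $int_if:network keep state
pass out on $ext_if keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` shows the loaded translation rules with the `:network` modifier expanded, which is the quickest way to confirm the source restriction is actually in effect.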