[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf.conf/nat question

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: pf.conf/nat question
From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
Date: Fri, 4 Apr 2003 00:33:51 +0200
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

On Thu, Apr 03, 2003 at 10:44:52AM -0800, Michael Teter wrote:
> I'm getting the following error when I try to parse my
> pf.conf:
> /etc/pf.conf:74: translation address expands to
> multiple IPs of this address family

this is the third time within a week I am answering this.

you have rule like

nat from any to any -> dc0

and dc0 has more than one IP address. as NAT needs exactly one IP address
(leaving address pools out of the picture now), that is no uniquely
parseable statement, and thus you have to specify the IP address instead of
the interface.

The interface expansion code recently got a clue and expands to all IPs of
the given interface, instead of just "the first", for whatever definition of
"the first". that's why it worked to some degree before 3.3.

-- 
http://2suck.net/hhwl.html
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

References:
- pf.conf/nat question
  - From: Michael Teter

Prev by Date: JVM for macppc OpenBSD
Next by Date: New PF Features
Previous by thread: Re: pf.conf/nat question
Next by thread: JVM for macppc OpenBSD
Index(es):
- Date
- Thread

Visit your host, monkey.org