6th August 2012
jggimi

Yes, if I've understood the problem correctly. Let's see if I understand:
  • You wish to have a general-case NAT rule in place for $default_out. If so, leave that match rule as-is.
  • For specific traffic you wish to use other translated addresses, such as $static2. If so, for that traffic, do not use a match rule. Instead, use nat-to on the specific pass rules. From the NAT chapter of the PF User's Guide (highlight mine):
Code:
pass
    This rule allows the packet to be transmitted. If the packet was
    previously matched by a match rule where parameters were specified,
    they will be applied to this packet.  pass rules may have their own
    parameters; these take priority over parameters specified in a 
    match rule.