Old 25th September 2015
da1
Fdisk Soldier
 
Join Date: Feb 2009
Location: Berlin, DE
Posts: 49

Hi,

I've also tried different NAT rules, I just forgot to mention it.

Code:
- match out on carp inet from !(carp:network) to any nat-to (carp:0)
- match out on carp0 inet from !(carp0:network) to any nat-to carp0
Same result, no go.

I also went really specific but the result was the same unfortunately:
Code:
match out on carp0 inet from carp1:network to any nat-to carp0
LE: AFAIR the rules are supposed to be written for the physical interface and not the carp if.
LE2:
Code:
Ruleset Tips
Filter the physical interface. As far as PF is concerned, network traffic comes from the physical interface, not the CARP virtual interface (i.e., carp0). So, write your rule sets accordingly. Don't forget that an interface name in a PF rule can be either the name of a physical interface or an address associated with that interface. For example, this rule could be correct:

    pass in on fxp0 inet proto tcp from any to carp0 port 22 

but replacing the fxp0 with carp0 would not work as you desire.
http://www.openbsd.org/faq/pf/carp.html
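The FAQ tip quoted above, worked into a pf.conf fragment as an added example (not from the post or from the OpenBSD FAQ): the NAT rule is written on the physical interface and only uses the CARP interface as an address. The interface names em0 and em1 and the macro names are assumptions.

```pf
# Added example, not the poster's ruleset. Assumed layout:
#   em0 = outside physical interface, carp0 rides on it
#   em1 = inside physical interface,  carp1 rides on it
ext_if = "em0"
int_if = "em1"

# PF sees the packet on the physical interface, so the "on" keyword names
# em0, never carp0. carp0 and carp1 appear only in address positions.
# Parentheses make pf re-read the address if it changes at runtime.
match out on $ext_if inet from (carp1:network) to any nat-to (carp0)

# CARP advertisements travel on the physical interface; block them and the
# peers cannot elect a master.
pass in  on $ext_if proto carp keep state
pass out on $ext_if proto carp keep state

# Example of a filter rule that is correct per the FAQ: physical interface in
# the "on" position, CARP address in the destination position.
pass in on $ext_if inet proto tcp from any to (carp0) port 22
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s rules` afterwards shows the rule as PF actually expanded it, which is the quickest way to confirm the interface and address were picked up as intended.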