1st October 2016
bsdsource

So this is what worked for me. I'm not really sure why it does. Static-port is definitely working for my Xbox, but I'm not really sure about the PS4 as I've not set up port forwarding yet to make sure the PS4 NAT is open and not restricted. I can tell my Xbox static-port isn't working correctly when my Xbox NAT shows restricted instead of open.

This works:

Code:
match out on egress inet from !$XBOX to any nat-to ($WAN:0) port 1024:65535
match out on egress from {$PS4 $XBOX} to any nat-to (egress) static-port

pfctl -vf pf.conf output
-------------------------------
match out on em0 inet from ! 10.200.200.114 to any nat-to (em0:0) port 1024:65535
match out on egress inet from 10.200.200.110 to any nat-to (egress) round-robin static-port
match out on egress inet from 10.200.200.114 to any nat-to (egress) round-robin static-port

I've considered my options for using pass instead of match. It would seem that a pass rule wouldn't really work since it's not sticky like a match rule.

Quote from the pf.conf man page regarding match rules:

Quote:
Subsequent rules will see packets as they look after any addresses and ports have been translated. These rules will therefore have to filter based on the translated address and port number.

So it would seem that a match rule is required first and then a pass rule should later apply. I'm sure there's something simple I'm overlooking here.
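The man page sentence quoted in the post above, applied to the post's two match rules, as an added example that is not part of the original post and is not pf's own code. It is a simplified model that assumes each matching match rule translates the packet immediately; `WAN_ADDR`, the third LAN host and the source port 3074 are constructed sample values.

```python
# Simplified model (an assumption, not pf's implementation): every match rule
# with nat-to rewrites the packet as soon as it matches, so later rules are
# compared against the already-translated source address.
import random

WAN_ADDR = "203.0.113.10"                       # constructed egress address
PS4, XBOX = "10.200.200.110", "10.200.200.114"  # hosts from the pfctl output

# The two rules from the post, in file order.
RULES = [
    {"name": "nat-to port 1024:65535",          # from !$XBOX
     "match": lambda src: src != XBOX, "static_port": False},
    {"name": "nat-to static-port",              # from {$PS4 $XBOX}
     "match": lambda src: src in (PS4, XBOX), "static_port": True},
]

def translate(src, sport, rng=None):
    """Walk the rules in order and return (source, port, rules applied)."""
    rng = rng or random.Random(0)
    applied = []
    for rule in RULES:
        if not rule["match"](src):   # tested against the *current* source
            continue
        if not rule["static_port"]:
            sport = rng.randint(1024, 65535)    # port is rewritten
        src = WAN_ADDR                          # source is rewritten
        applied.append(rule["name"])
    return src, sport, applied

def report(hosts, sport=3074):
    """Return one line per host describing which rule translated it."""
    lines = []
    for label, addr in hosts:
        src, port, applied = translate(addr, sport)
        kept = "kept" if port == sport and applied[-1:] == ["nat-to static-port"] else "not guaranteed"
        lines.append(f"{label:5} {addr} -> {src}:{port} via {applied} (source port {kept})")
    return lines

if __name__ == "__main__":
    hosts = [("Xbox", XBOX), ("PS4", PS4), ("other", "10.200.200.50")]
    print("\n".join(report(hosts)))
```

In this model the Xbox skips the first rule and reaches the static-port rule untranslated, while the PS4 is translated by the first rule and no longer matches `from $PS4` in the second.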