Subject: Re: [Fwd: Re: kern/28651: NAT in pf slow with TCP]
To: Mipam <>
From: Teemu Rinta-aho <>
List: current-users
Date: 12/21/2004 19:14:38
Thanks, but no matter how I write the rules and how minimal
and unsophisticated I make the ruleset, it just doesn't work.

Could someone please tell me where these different filters
are located in the stack (i.e. ipfilter, pf and tcpdump) for incoming
and outgoing packets? What I noticed was that when I use
ipfilter, with tcpdump I see packets going out with the IP
source address of the external interface (NAT has taken
place before tcpdump), while with pf I see source addresses
not yet changed by NAT... Is the pf NAT broken or is the
situation in the output something like this?

socket ------ ipfilter -- tcpdump -- pf ----->

A diagram of the IP stack would be worth a thousand
words. Any links to any related information appreciated!


Mipam wrote:
> Hi,
> I am using pf with NAT.
> Since I'm not using IP addresses I could gain a little speed by
> specifying them instead of the interface (Itojun mentioned it once).
> I run the source from Nov 23 2004. I had to restore from a build from this
> weekend because I couldn't use my Intel cards properly anymore (at least
> not with checksum offloading enabled). So I'll wait until this matter
> (Report #28595) is resolved before doing a new build.
> This machine is also functioning as a nameserver (bind 9.3.0) and doing
> fine, although I'm very eager to do a new build to get the fixes on pf
> in from December.
> Bye,
> Mipam.