Hello,

> > Could I have a NAT rule like
> > 
> > map lo0 x.x.x.x -> y.y.y.y
> > 
> > where y.y.y.y is an address of one of the external interfaces, and x.x.x.x
> > an alias on lo0 ?
> > 
> > Would the packets then go to the wire from y.y.y.y without checksums?
> 
> although i'm not sure about ipfilter,
> i don't think it goes to the wire if y.y.y.y is an address of
> one of your own interfaces.

This sounds reasonable  - there would have to be a "fastroute" or
"route-to". 

Also, the packets probably wouldn't go through lo0 at all.
(What I would want to achieve is the following setup. I will have the
x.x.x.x public IP address from a provider. But I'm not directly connected
to a network with public IP addresses - i'm on a network with a private
addressing scheme. So the provider will translate the destination
addresses of packets coming to x.x.x.x to y.y.y.y and do the reverse for
packets arriving from y.y.y.y . Now the question is how to setup my
machine so that daemons (and also the stf device) can make use of the
public IP address. I thought the right way would be the map on lo0, as
desribed above. But now I think that I should use a "bimap" rule on my
external interface.)

> generally, if outgoing interface decision is changed from lo0 after
> udp_output check it, it can be a problem.

Isn't this the case for all hardware-accelerated checkhsums?

Bye	Pavel