Subject: stopping PF NAT state from "floating" ?
To: None <tech-net@netbsd.org>
From: David Young <dyoung@pobox.com>
List: tech-net
Date: 05/07/2007 01:01:47
I am using PF for NAT.  I would like to stop NAT states from floating
between interfaces.  I have searched all day for a solution, but I have
not found one.  Does anyone know how?

Details:

I have this translation rule on the ethernet admsw0,

nat on admsw0 inet from <cuwin> to ! <cuwin> -> 192.168.1.4 port 10000:20000

I have noticed that the translation states will "float" between admsw0 and
ath0.  That is, if the routes change so that a flow that passes through
admsw0 passes through ath0, instead, then the address translations from
admsw0 continue to apply to the flow on ath0.  I can see why that might
be desirable in some cases, but it is bad for my application.

Here is the NAT state:

self udp 10.0.246.46:65533 -> 192.168.1.4:14690 -> a.b.c.d:2524       SINGLE:NO_TRAFFIC
self udp 10.0.246.46:65531 -> 192.168.1.4:13794 -> a.b.c.d:2525       SINGLE:NO_TRAFFIC

I see those translations applied to traffic going out ath0 after the route
to a.b.c.d moves from admsw0 to ath0.  As I say, that's not what I desire.

I thought that 'set state-policy if-bound' would help, but I have found
out in other experiments that it will not.  I believe I understand why not
after reading the PF sources, especially sys/dist/pf/sbin/pfctl/parse.y
and sys/dist/pf/net/pf.c.

Is there a way to stop NAT states from "floating" that I have missed?

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933
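As an added example, not from the post or from PF's own tools, a small Python parser that reads state lines in the `pfctl -s state` format shown above and lists the translated (NAT) states whose interface column is `self`; reading `self` as "floating, not bound to one interface" is an assumption drawn from the post's output, and the sample lines are constructed.

```python
# Constructed sample of `pfctl -s state` output, modelled on the lines in the post.
# The first column is the interface the state is bound to; "self" is taken here
# (assumption) to mean the state floats, i.e. it is not bound to one interface.
SAMPLE_STATES = """\
self udp 10.0.246.46:65533 -> 192.168.1.4:14690 -> a.b.c.d:2524       SINGLE:NO_TRAFFIC
self udp 10.0.246.46:65531 -> 192.168.1.4:13794 -> a.b.c.d:2525       SINGLE:NO_TRAFFIC
admsw0 tcp 10.0.246.46:40000 -> 192.168.1.4:15000 -> a.b.c.d:80       ESTABLISHED:ESTABLISHED
self tcp 10.0.246.46:40001 -> a.b.c.d:22       ESTABLISHED:ESTABLISHED
"""

ARROWS = ("->", "<-")  # outbound states print "->", inbound ones "<-"


def parse_state(line):
    """Parse one state line into a dict; return None for lines that do not match."""
    parts = line.split()
    if len(parts) < 5:
        return None
    ifname, proto = parts[0], parts[1]
    state = parts[-1]
    # Endpoints are the tokens between the arrows: 2 for a plain state,
    # 3 when a translation address sits in the middle (src -> nat -> dst).
    endpoints = [tok.strip("()") for tok in parts[2:-1] if tok not in ARROWS]
    if len(endpoints) not in (2, 3):
        return None
    nat = endpoints[1] if len(endpoints) == 3 else None
    return {"if": ifname, "proto": proto, "src": endpoints[0],
            "nat": nat, "dst": endpoints[-1], "state": state}


def floating_nat_states(text):
    """Return the parsed states that carry a translation and are not interface-bound."""
    found = []
    for line in text.splitlines():
        st = parse_state(line)
        if st and st["nat"] is not None and st["if"] == "self":
            found.append(st)
    return found


if __name__ == "__main__":
    for st in floating_nat_states(SAMPLE_STATES):
        print(f'{st["proto"]} {st["src"]} -> {st["nat"]} -> {st["dst"]} floats ({st["state"]})')
```

Feed it the live output of `pfctl -s state` to see which translations would follow a flow onto another interface after a route change.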