NAT Reflection implementation for 1:1 NAT now in 2.0
ShadowFlare last edited by
As of snapshot builds after this post, there is an NAT reflection implementation included for 1:1 NAT mappings. It has a separate option in the same area as the other, and like the other it is not enabled by default. If you want to test it out, enable it by unchecking the box, and let me know if there are any issues (either by posting here or filing a bug report).
The implementation is different than the current implementation used for port forwards (though reflection on port forwards may use an updated version of this implementation in the future). It should be more efficient in both CPU and RAM utilization since it is implemented entirely with pf rules, rather than having to use an external program, spawning a new process for each connection, in addition to still needing to forward the packets to that program in the first place.