I have a gateway host running pf and NATing two private RFC1918 subnets behind a single public IP. I have the following interfaces configured:

Code:
vr0: 88.x.x.x/yy
em0: 192.168.0.1/24 (subnet A)
ath0: 192.168.1.1/24 (subnet B)

and the following NAT rules:

Code:
no nat on vr0 inet from 192.168.0.0/24 to 192.168.1.0/24
no nat on vr0 inet from 192.168.1.0/24 to 192.168.0.0/24
nat on vr0 inet from 192.168.0.0/24 to any -> 88.x.x.x
nat on vr0 inet from 192.168.1.0/24 to any -> 88.x.x.x

Both private subnets can reach the Internet fine, but I'm unable to get them talking to each other and I'm not able to figure out why. I have 'set skip on em0' and 'set skip on ath0' in my pf ruleset, so these problems aren't due to other filter rules.

If I set a host on subnet A pinging a host on subnet B, tcpdump shows the ICMP packets coming into em0 and then being sent out of ath0, but the B-host doesn't send any reply back via the gateway. It periodically sends an ARP request for the gateway's MAC address and gets a response, but still won't route the ping responses back that way.

Can anyone advise on why this isn't working?