NAT, both ways


so now we can rewrite src and dst addresses at the same time

but nasty effects with route lookups for nat in and rdr out
rdr changing dst IP
must send on another interface?
must deliver locally?
nat has the same problem with return traffic

so pfctl prohibits nat in and rdr out