route-to rule.

Stephane Raimbault segr at hotmail.com
Tue Jan 25 15:23:03 PST 2005


Looking into oddities... it seems that the nat that goes across this line 
right now:

nat on $ext_if1 from $internal_net to any -> ($ext_if1)

seems to round robin the external IP, as I have several IPs aliased on 
$ext_if1. If I replace the above line with this:

nat on $ext_if1 from $internal_net to any -> ($ext_ip1)

where $ext_ip1 is the external IP I want the nat to go out, however when I 
do this... the lan can no longer establish new connections... any thoughts 
on this?

Thanks,
Stephane.

>From: "Chris Dionissopoulos" <dionch at freemail.gr>
>Reply-To: "Chris Dionissopoulos" <dionch at freemail.gr>
>To: "Stephane Raimbault" <segr at hotmail.com>, <freebsd-pf at freebsd.org>
>Subject: Re: route-to rule.
>Date: Tue, 25 Jan 2005 20:43:09 +0200
>
>Hi,
>
>For vpn problem:
>Is routing already set in both sides?
>
>pf-box:
>route add 10.0.0.0/26 <tun0_other_peer_IP>
>
>Other vpn end:
>route add 10.0.1.0/24 <tun0_pf_box_IP>
>
>
>For DNS problem:
>You have to decide which gateway pf-box will use
>as default for own connections (default gateway is missing).
>route add default <gw1> |<gw2> maybe solves it.
>
>Chris.
>
>
>
>----- Original Message ----- From: "Stephane Raimbault" <segr at hotmail.com>
>To: <dionch at freemail.gr>; <freebsd-pf at freebsd.org>
>Sent: Tuesday, January 25, 2005 8:17 PM
>Subject: Re: route-to rule.
>
>
>>Well this is odd.. I gave this a try... and the tun interface wasn't able 
>>to pass traffic between the 2 LANs
>>
>>10.0.0.0/26 is the remote lan, and 10.1.0.0/24 is the local lan.
>>
>>and dns stopped working for the local lan... I have a caching dns server 
>>configured on the pf box, and even that couldn't resolve anything despite 
>>still having good network connections to the 2 WANs
>>
>>Any idea what's missing?
>>
>>Thanks,
>>sTephane.
>>
>
>
