route-to rule.

Stephane Raimbault segr at
Tue Jan 25 15:23:03 PST 2005

Looking into oddities... it seems that the NAT that goes across this line 
right now:

nat on $ext_if1 from $internal_net to any -> ($ext_if1)

seems to round-robin the external IP, as I have several IPs aliased on 
$ext_if1. If I replace the above line with this:

nat on $ext_if1 from $internal_net to any -> ($ext_ip1)

where $ext_ip1 is the external IP I want the NAT to go out of. However, when I 
do this... the LAN can no longer establish new connections... any thoughts 
on this?


>From: "Chris Dionissopoulos" <dionch at>
>Reply-To: "Chris Dionissopoulos" <dionch at>
>To: "Stephane Raimbault" <segr at>, <freebsd-pf at>
>Subject: Re: route-to rule.
>Date: Tue, 25 Jan 2005 20:43:09 +0200
>For vpn problem:
>Is routing already set in both sides?
>route add <tun0_other_peer_IP>
>Other vpn end:
>route add <tun0_pf_box_IP>
>For DNS problem:
>You have to decide which gateway pf-box will use
>as default for own connections (default gateway is missing).
>route add default <gw1> |<gw2> maybe solves it.
>----- Original Message ----- From: "Stephane Raimbault" <segr at>
>To: <dionch at>; <freebsd-pf at>
>Sent: Tuesday, January 25, 2005 8:17 PM
>Subject: Re: route-to rule.
>>Well this is odd.. I gave this a try... and the tun interface wasn't able 
>>to pass traffic between the 2 LANs
>> is the remote lan, and is the local lan.
>>and DNS stopped working for the local LAN... I have a caching DNS server 
>>configured on the pf box, and even that couldn't resolve anything despite 
>>still having good network connections to the 2 WANs
>>Any idea what's missing?
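As an added illustration (not taken from the thread), the pf.conf fragment below contrasts the interface-in-parentheses form, whose address list is resolved at run time and includes every alias on the interface, with the two forms that pin NAT to a single address. The macro names are the ones used in the post; the interface name and the 192.0.2.x / 10.0.0.0/24 values are constructed placeholders.

```pf
# Macros (constructed example values; the macro names are the ones from the thread)
ext_if1      = "em0"
ext_ip1      = "192.0.2.10"
internal_net = "10.0.0.0/24"

# Parentheses mean "the address(es) of this interface, looked up at run time".
# With several aliases configured on em0, pf translates to any of them,
# which is the round-robin behaviour described in the post.
nat on $ext_if1 from $internal_net to any -> ($ext_if1)

# Pin the translation to one address. Either write the address literally
# (no parentheses, so it is fixed when the ruleset is loaded) ...
nat on $ext_if1 from $internal_net to any -> $ext_ip1

# ... or keep the dynamic interface form but add the :0 modifier, which
# pf.conf(5) documents as "do not include interface aliases", i.e. the
# primary address of the interface only.
nat on $ext_if1 from $internal_net to any -> ($ext_if1:0)
```

Only one of the three nat rules should be active at a time; `pfctl -nf /etc/pf.conf` parses the file without loading it, so a syntax slip can be caught before it replaces the running ruleset.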
