filtering local traffic on nat gateway
fox at verio.net
Wed Sep 26 15:49:28 PDT 2007
Reinhard Haller <reinhard.haller at interactive-net.de> wrote:
> Based on the last rule there is no way to distinguish forwarded from
> local outgoing traffic.
> Any suggestions?
Change this rule like so:
> nat on $ext_if from !($ext_if) -> ($ext_if)
> nat pass on $ext_if from !($ext_if) -> ($ext_if)
This way, all traffic chosen to be nat'd will also pass the ruleset.
Or rather, bypass the ruleset.
I am worried about your rule, though, because it seems that even
traffic arriving from the Internet will have a source IP of !($ext_if),
so it will end up matching ALL traffic.
David DeSimone == Network Admin == fox at verio.net
"It took me fifteen years to discover that I had no
talent for writing, but I couldn't give it up because
by that time I was too famous." -- Robert Benchley
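As an added illustration (not a configuration from this thread or from anyone on the list), the following pf.conf fragment keeps forwarded and locally generated traffic apart by translating only an explicit inside network rather than a negated interface match, and uses "nat pass" so the translated flows skip the filter rules while the gateway's own traffic still goes through them. The interface names em0/em1 and the 192.168.1.0/24 network are constructed values; the classic pre-4.7 "nat" syntax is used to match the rule quoted above.

```pf
# Constructed example values; substitute the real interfaces and inside network.
ext_if  = "em0"
int_if  = "em1"
int_net = "192.168.1.0/24"

# Translate only packets that really originate on the inside network.
# "nat pass" passes the translated packets without further filtering and
# creates state for them, so the filter rules below never see forwarded
# traffic on $ext_if.  Locally generated packets leave with the address of
# ($ext_if), do not match this rule, and therefore do hit the filter.
nat pass on $ext_if from $int_net to any -> ($ext_if)

# Default deny; anything the rules below do not pass is logged and dropped.
block log all

# Locally generated traffic is the only thing left to filter outbound on
# $ext_if, so it can get its own policy here.
pass out quick on $ext_if from ($ext_if) to any keep state

# Inbound from the Internet: only what the gateway itself should serve.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state

# Inside hosts must still be allowed in on $int_if before translation occurs.
pass in quick on $int_if from $int_net to any keep state
```

Because the nat rule names the inside network explicitly, traffic arriving from the Internet never matches it, which avoids the concern about !($ext_if) selecting more than intended; the lone "pass out" rule on $ext_if then applies only to what the gateway generates itself.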