Date: Tue, 25 Jan 2005 16:22:45 -0700
From: "Stephane Raimbault" <segr@hotmail.com>
To: dionch@freemail.gr, freebsd-pf@freebsd.org
Subject: Re: route-to rule.
Message-ID: <BAY24-F7CAA78DC83D17C3B49C46CC860@phx.gbl>
In-Reply-To: <005101c5030d$b98beb20$0100000a@R3B>

Looking into oddities... it seems that the nat that goes across this line right now:

    nat on $ext_if1 from $internal_net to any -> ($ext_if1)

seems to round robin the external IP as I have several IPs aliased on $ext_if1.

If I replace the above line with this:

    nat on $ext_if1 from $internal_net to any -> ($ext_ip1)

where $ext_ip1 is the external IP I want the nat to go out, however when I do this... the lan can no longer establish new connections... any thoughts on this?

Thanks,
Stephane.

> From: "Chris Dionissopoulos" <dionch@freemail.gr>
> Reply-To: "Chris Dionissopoulos" <dionch@freemail.gr>
> To: "Stephane Raimbault" <segr@hotmail.com>, <freebsd-pf@freebsd.org>
> Subject: Re: route-to rule.
> Date: Tue, 25 Jan 2005 20:43:09 +0200
>
> Hi,
>
> For vpn problem:
> Is routing already set in both sides?
>
> pf-box:
> route add 10.0.0.0/26 <tun0_other_peer_IP>
>
> Other vpn end:
> route add 10.0.1.0/24 <tun0_pf_box_IP>
>
> For DNS problem:
> You have to decide which gateway pf-box will use
> as default for own connections (default gateway is missing).
> route add default <gw1> |<gw2> maybe solves it.
>
> Chris.
>
> ----- Original Message -----
> From: "Stephane Raimbault" <segr@hotmail.com>
> To: <dionch@freemail.gr>; <freebsd-pf@freebsd.org>
> Sent: Tuesday, January 25, 2005 8:17 PM
> Subject: Re: route-to rule.
>
>> Well this is odd.. I gave this a try... and the tun interface wasn't able
>> to pass traffic between the 2 lans
>>
>> 10.0.0.0/26 is the remote lan, and 10.1.0.0/24 is the local lan.
>>
>> and dns stopped working for the local lan... I have a caching dns server
>> configured on the pf box, and even that couldn't resolve anything despite
>> still having good network connections to the 2 wans
>>
>> Any idea what's missing?
>>
>> Thanks,
>> sTephane.
