From owner-freebsd-pf@FreeBSD.ORG  Mon Aug 22 16:21:52 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5373D16A41F
	for <freebsd-pf@freebsd.org>; Mon, 22 Aug 2005 16:21:52 +0000 (GMT)
	(envelope-from schoch@spamcop.net)
Received: from homer.starnet.com (homer.starnet.com [204.147.189.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E11043D45
	for <freebsd-pf@freebsd.org>; Mon, 22 Aug 2005 16:21:52 +0000 (GMT)
	(envelope-from schoch@spamcop.net)
Received: from [192.168.1.2] (homer.starnet.com [192.168.1.2])
	by homer.starnet.com (8.12.11/8.12.11) with ESMTP id j7MGLS7K006294;
	Mon, 22 Aug 2005 09:21:28 -0700
Message-ID: <4309FB88.9080005@spamcop.net>
Date: Mon, 22 Aug 2005 09:21:28 -0700
From: Steven Schoch <schoch@spamcop.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
	rv:1.7.10) Gecko/20050719 Red Hat/1.7.10-1.1.3.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Daniel Hartmeier <daniel@benzedrine.cx>
References: <43061982.2040907@spamcop.net>
	<20050820021302.GB31370@insomnia.benzedrine.cx>
In-Reply-To: <20050820021302.GB31370@insomnia.benzedrine.cx>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-pf@freebsd.org
Subject: Re: rdr only works for some ports
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2005 16:21:52 -0000

Daniel Hartmeier wrote:
> There are a couple of possible explanations, the two simplest ones are:
> 
>   b) check that routing from 192.168.1.101 to external addresses goes
>      through the pf box (and not, for instance, through that other
>      NAT router you mentioned). replies from the sshd to the external
>      ssh client must pass back through the pf box, so it can reverse
>      the address translation.

That was it!  I actually figured this out earlier.  Now I feel stupid. 
The default route on the 192.168.1.101 box was still pointing to the old 
Netgear NAT router.

I didn't notice this because the Windows XP boxes, on which it worked, 
will periodically poll the DHCP server to get the update default router, 
but the Linux system only did it when booting.

-- 
Steve