Max Laier <[EMAIL PROTECTED]> wrote on 2 Aug 2007 17:15:
> Can you follow up with the complete pf.conf you are using?  The "state

I'll send you the complete file in a personal mail.

> insert failed" error suggests a logic problem in your config (or a missed
> PF_TAG_GENERATED somewhere).  It seems that the same packet is run
> through the firewall twice, generating state on the first run, but not
> matching it on the second ... somehow strange.

As I wrote in my 1st message, the following statements may produce the problem:

nat inet from !tun2-address to any port = http -> tun2-address
nat on tun0 inet from <intern> to any -> tun0-address
....
pass out quick on tun0 route-to (tun2 tun2-peer) inet from tun2-address to any keep state
pass out quick on tun2 route-to (tun0 tun0-peer) inet from tun0-address to any keep state

The reason for this setup is that I want to use policy based routing. The
http port is an easy to test example. I have 2 DSL/pppoe connections with
NAT and tun0 has the default route assigned. I want to
- route some traffic from LAN (NATed) to tun2
- route some traffic from gateway to tun2

Maybe there is a better solution?

Regards,
   Frank
-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
