Gentlemen,

I come once again to ask for your help. I am setting up a FreeBSD 8.1 server for 1 LAN and 2 WANs, but the packets that leave the LAN are not directed to the WAN that is not the default route, and when they come in on the interface that is not the default route they cannot reach the destination, even though they pass through the firewall OK. Could someone shed some light on this? The files follow:

------------------ PF.CONF ------------------
lan_net = "192.168.26.0/24"
ip_fw = "192.168.26.5"
int_if = "vr0"
operadora_A = "rl0" # EBT
operadora_B = "wb0" # GVT [DEFAULT ROUTE]
gw_operadora_A = "200.YYY.XXX.1" #EBT [ROUTE OPR2]
gw_operadora_B = "192.168.1.1" #GVT [DEFAULT ROUTE]

nat on $operadora_A from $lan_net to any -> ($operadora_A)
nat on $operadora_B from $lan_net to any -> ($operadora_B)

block log all
set skip on lo

pass out log on $operadora_A proto tcp from any to any flags S/SA modulate state
pass out log on $operadora_A proto { udp, icmp } from any to any keep state
pass out log on $operadora_B proto tcp from any to any flags S/SA modulate state
pass out log on $operadora_B proto { udp, icmp } from any to any keep state

pass out log on $int_if route-to ($operadora_A $gw_operadora_A) proto tcp from any to any port 22222 keep state rtable 1
pass in log on $int_if route-to ($operadora_A $gw_operadora_A) proto tcp from any to any port 22222 keep state rtable 1

------------------ TEST PF.CONF ------------------
pass out log on $int_if route-to ($operadora_A $gw_operadora_A) proto tcp from any to any port 22222 keep state
pass in log on $int_if route-to ($operadora_A $gw_operadora_A) proto tcp from any to any port 22222 keep state

pass out log on $int_if reply-to ($operadora_A $gw_operadora_A) proto tcp from any to any port 22222 keep state
pass in log on $int_if reply-to ($operadora_A $gw_operadora_A) proto tcp from any to any port 22222 keep state

pass out log on $int_if reply-to ($operadora_A $gw_operadora_A) proto tcp from any to any port 22222 keep state rtable 1
pass in log on $int_if reply-to ($operadora_A $gw_operadora_A) proto tcp from any to any port 22222 keep stat rtable 1

pass out log on $int_if proto tcp from any to any port 22222 keep state rtable 1
pass in log on $int_if proto tcp from any to any port 22222 keep stat rtable 1

------------------ LOG, ALWAYS THE SAME ------------------
00:00:01.891550 rule 4/0(match): pass out on wb0: 192.168.1.10.29354 > AAA.BBB.CCC.DDD.22222: tcp 40 [bad hdr length 0 - too short, < 20]

------------------ RC.CONF ------------------
#defaultrouter="192.168.1.1"
#defaultrouter="200.YYY.XXX.1"
hostname="fw-contec-vix"
ifconfig_vr0="inet 192.168.26.5 netmask 255.255.255.0"
ifconfig_wb0="192.168.1.10 netmask 255.255.255.0"
ifconfig_rl0="inet 200.YYY.XXX.2 netmask 255.255.255.0"
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
syslogd_flags="-ss"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
keymap="br275.iso.acc"

------------------ SYSCTL.CONF ------------------
net.inet.ip.forwarding=1

------------------ LOADER.CONF ------------------
net.fibs=6

------------------ setfib -0 netstat -nr ------------------
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         1      138    wb0
127.0.0.1          link#4             UH          0        0    lo0
192.168.1.0/24     link#2             U           0       20    wb0
192.168.1.10       link#2             UHS         0        0    lo0
192.168.26.0/24    link#3             U           0      688    vr0
192.168.26.5       link#3             UHS         0        0    lo0
200.YYY.XXX.0/24   link#1             U           0        0    rl0
200.YYY.XXX.2      link#1             UHS         0        0    lo0

------------------ setfib -1 netstat -nr ------------------
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            200.YYY.XXX.1      UGS         0        0    rl0
127.0.0.1          link#4             UH          0        0    lo0
192.168.1.0/24     link#2             U           0        0    wb0
192.168.26.0/24    link#3             U           0        0    vr0
200.YYY.XXX.0/24   link#1             U           0        0    rl0

------------------ netstat -nr ------------------
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         1      189    wb0
127.0.0.1          link#4             UH          0        0    lo0
192.168.1.0/24     link#2             U           0       20    wb0
192.168.1.10       link#2             UHS         0        0    lo0
192.168.26.0/24    link#3             U           1      690    vr0
192.168.26.5       link#3             UHS         0        0    lo0
200.YYY.XXX.0/24   link#1             U           0        0    rl0
200.YYYY.XXX.2     link#1             UHS         0        0    lo0