Hi, what is you translation address in the NAT rule? The Interface Address of Firewall B? Have you disabled Automatic NAT rule generation?
Kind Regards Klaus Wunder Von meinem iPhone gesendet Am 06.04.2012 um 17:30 schrieb "Nadine Schlüter" <[email protected]>: > Hi, > > I'm running several pfSense ALIX Boxes at different locations. Each box > has a direct Internet connection (WAN) and runs OpenVPN Tunnels to other > sites. Works all fine. > > Now I want to route all Internet-bound traffic of one (and only one!) > host H from site A through site B's pfSense box to the Internet. Is > there a way to do this? > > I tried setting up a special outbound NAT rule for H at site A's > pfSense box, which essentially is <H's IP>/32 -> <Tunnel to site B > Interface IP>. But this did not have any effect. > > Of course there is another NAT rule already in place that translates > anything from site A's private network to the local WAN address. > However, I put the special NAT rule for H as the first in the NAT rule > list, hoping that it matches first and will therefore be preferred. > However, if I traceroute from H to a machine outside (say 8.8.8.8) I can > still see the traffic going out through site A's WAN interface - never > getting into any tunnel. > > The tricky bit is that host H's traffic is for the Internet. I can > reach hosts at other sites without problems (static routes and tunnel > NATs is place). > > Has anyone here done this before? I would greatly appreciate some > advice on this... > > Cheers, > Nadine > -- > NEU: FreePhone 3-fach-Flat mit kostenlosem Smartphone! > > Jetzt informieren: http://mobile.1und1.de/?ac=OM.PW.PW003K20328T7073a > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
