Hi,

the network at site A is 192.168.10.0/24. H is 192.168.10.197.
Site B's network is 192.168.0.0/24.

The tunnel (TUN1) between the two is

  <Site A> <-10.0.9.2--- tunnel ---10.0.9.1-> <Site B>

The NAT rule (first in my NAT list) is:

  Interface:   TUN1
  Protocol:    any
  Source:      Network 192.168.10.197/32
  Port:        <empty>
  Destination: <all empty>
  Translation: Interface address (so the IP should be 10.0.9.2)
  Port:        <empty>

Looks like this in the list (top two entries):

  Interface:        TUN1
  Source:           192.168.10.197/32
  Source Port:      *
  Destination:      *
  Destination Port: *
  NAT Address:      *
  NAT Port:         *
  Static Port:      No
  Description:      Translate smack's traffic to TUN1 IP

  Interface:        WAN
  Source:           192.168.10.0/24
  Source Port:      *
  Destination:      *
  Destination Port: *
  NAT Address:      *
  NAT Port:         *
  Static Port:      No
  Description:      Translate 192.168.10.x to WAN IP

To me it seems the new (first) rule is completely ignored and rule 2 is used.

Cheers,
Nadine

-------- Original Message --------
> Date: Fri, 6 Apr 2012 17:58:49 +0200
> From: Klaus Wunder <[email protected]>
> To: pfSense support and discussion <[email protected]>
> Subject: Re: [pfSense] Several sites: How to route Internet-bound traffic of a host at site A through site B

> Hi,
>
> What is your translation address in the NAT rule? The Interface Address of
> Firewall B?
> Have you disabled Automatic NAT rule generation?
>
> Kind Regards
>
> Klaus Wunder
>
>
> Sent from my iPhone
>
> On 06.04.2012 at 17:30, "Nadine Schlüter" <[email protected]> wrote:
>
> > Hi,
> >
> > I'm running several pfSense ALIX boxes at different locations. Each box
> > has a direct Internet connection (WAN) and runs OpenVPN tunnels to other
> > sites. Works all fine.
> >
> > Now I want to route all Internet-bound traffic of one (and only one!)
> > host H from site A through site B's pfSense box to the Internet. Is
> > there a way to do this?
> >
> > I tried setting up a special outbound NAT rule for H at site A's
> > pfSense box, which essentially is <H's IP>/32 -> <Tunnel to site B
> > Interface IP>. But this did not have any effect.
> >
> > Of course there is another NAT rule already in place that translates
> > anything from site A's private network to the local WAN address.
> > However, I put the special NAT rule for H as the first in the NAT rule
> > list, hoping that it matches first and will therefore be preferred.
> > However, if I traceroute from H to a machine outside (say 8.8.8.8) I can
> > still see the traffic going out through site A's WAN interface - never
> > getting into any tunnel.
> >
> > The tricky bit is that host H's traffic is for the Internet. I can
> > reach hosts at other sites without problems (static routes and tunnel
> > NATs in place).
> >
> > Has anyone here done this before? I would greatly appreciate some
> > advice on this...
> >
> > Cheers,
> > Nadine

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
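
Added example, not part of the original thread and not pfSense code: a small Python model of how pf selects an outbound NAT rule, where the routing decision picks the egress interface first and only the NAT rules bound to that interface are then checked in list order. The routing table, the /30 tunnel prefix, the `WAN-IP` placeholder and the `policy_routes` parameter (standing in for a LAN firewall rule with a gateway set) are assumptions.

```python
import ipaddress

# Constructed model of site A, using the addresses from the post.
ROUTES = [  # (destination network, egress interface)
    ("192.168.10.0/24", "LAN"),
    ("192.168.0.0/24", "TUN1"),   # static route to site B
    ("10.0.9.0/30", "TUN1"),      # tunnel network (prefix length assumed)
    ("0.0.0.0/0", "WAN"),         # default route
]
NAT_RULES = [  # outbound NAT list, top to bottom: (interface, source, translated)
    ("TUN1", "192.168.10.197/32", "10.0.9.2"),
    ("WAN", "192.168.10.0/24", "WAN-IP"),  # placeholder for site A's WAN address
]


def egress_interface(src, dst, policy_routes=()):
    """Hypothetical policy routes (source net -> interface) override the table."""
    for net, iface in policy_routes:
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return iface
    matches = [(ipaddress.ip_network(n), i) for n, i in ROUTES
               if ipaddress.ip_address(dst) in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix wins


def outbound_nat(src, dst, policy_routes=()):
    """Return (egress interface, translated source) for one packet."""
    iface = egress_interface(src, dst, policy_routes)
    for rule_iface, rule_src, translated in NAT_RULES:
        # A rule is only considered on the interface the packet leaves by,
        # so its position in the list cannot pull traffic onto TUN1.
        if rule_iface == iface and \
                ipaddress.ip_address(src) in ipaddress.ip_network(rule_src):
            return iface, translated
    return iface, src  # no rule matched: source left untranslated


if __name__ == "__main__":
    H = "192.168.10.197"
    print(outbound_nat(H, "8.8.8.8"))       # default route: leaves via WAN
    print(outbound_nat(H, "192.168.0.10"))  # static route: leaves via TUN1
    print(outbound_nat(H, "8.8.8.8",
                       policy_routes=[("192.168.10.197/32", "TUN1")]))
```

In this model the TUN1 rule only applies once something other than NAT (here the assumed policy route for H) has already sent the packet out of TUN1.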
