Die Gestalt wrote:
Do you have pf enabled and if yes can you share with us your pf.conf?
It sounds like you NAT everything including one of your incoming
connections. When the request arrives on one interface it gets NATed
to the other.
My pf.conf is quite cluttered. So thanks for the first hint. I should
debug with the *minimum* pf.conf that shows the problem.
I didn't expect NAT to enter into anything at all because I was only
going to the firewall itself, not to an internal network. But I've
reproduced my NAT rules below and *YES* NAT was screwing things up.
The way that happened is I modified my NAT when I went from 1 external
interface to 2 external interfaces. But I didn't modify it correctly, so
NAT was occurring.
I'll keep working on a simpler pf.conf. But as of right now my outgoing
packets are still being sent out the default interface rather than the
one they came in on.
iif = "em0"   # inside interface
cif = "em1"   # cable modem interface (default route)
dif = "xl0"   # dsl interface

set block-policy drop
set state-policy if-bound
set loginterface $cif
set optimization normal
set require-order yes
set skip on lo

scrub in all fragment reassemble

# XXXXXXXX BELOW TWO RULES WERE BAD XXXXXXXXX
# XXXXXXXX THEY ARE NOT SUFFICIENT WHEN USING 2 EXTERNAL INTERFACES XXXXXX
# (commented out: "from !($cif)" matches every source address that is not
#  em1's own, so a packet leaving em1 with xl0's address was translated too)
#nat on $cif from !($cif) -> ($cif:0)
#nat on $dif from !($dif) -> ($dif:0)

# XXXXXXXXXX I NEED TO CHANGE TO SOMETHING LIKE THIS XXXXXXXXX
# only translate traffic whose source is the inside network
nat on $cif from ($iif:network) -> ($cif:0)
nat on $dif from ($iif:network) -> ($dif:0)
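For reference, here is a minimal pf.conf for the two-external-interface case, written as an added example rather than the poster's own configuration (the `set`, `scrub` and `nat` syntax follows the post's own older pf dialect). It keeps the post's macro names and the corrected `nat` rules, and adds a `reply-to` rule so that connections to the firewall itself that arrive on the dsl interface are answered back through xl0 and its gateway instead of the default route on em1. The dsl gateway address and the ssh service are assumptions, chosen only to make the rules concrete.

```pf
# Added example, not the poster's pf.conf. Macro names are from the post;
# the dsl gateway address and the ssh service are assumed placeholders.
iif    = "em0"        # inside interface
cif    = "em1"        # cable modem interface (default route)
dif    = "xl0"        # dsl interface
dsl_gw = "192.0.2.1"  # PLACEHOLDER: next-hop router on the dsl link

set block-policy drop
set state-policy if-bound
set skip on lo
scrub in all fragment reassemble

# Translate only traffic that originates on the inside network. A rule of
# the form "from !($cif)" would also match the firewall's own replies when
# they leave em1 carrying xl0's address.
nat on $cif from ($iif:network) -> ($cif:0)
nat on $dif from ($iif:network) -> ($dif:0)

block all

# Service on the firewall reached over the dsl link (ssh assumed). Without
# reply-to the replies follow the default route out em1 with xl0's source
# address; reply-to binds the return path of this state to xl0/$dsl_gw.
pass in on $dif reply-to ($dif $dsl_gw) proto tcp from any to ($dif) port ssh keep state

# Same service over the cable link: the default route already returns via
# em1, so no reply-to is needed here.
pass in on $cif proto tcp from any to ($cif) port ssh keep state

# Inside hosts out through either external interface; the nat rules above
# rewrite their source address on the way out.
pass in  on $iif from ($iif:network) to any keep state
pass out on $cif keep state
pass out on $dif keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to check the syntax, then `pfctl -f /etc/pf.conf`; `pfctl -ss` afterwards shows whether the state for a connection arriving on xl0 is bound to xl0, which is what `set state-policy if-bound` plus `reply-to` is meant to produce.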