Stuart Henderson writes: > i think it's simpler if you write this as one rule: > > pass in quick on $ext_if proto tcp from $work_hosts to $ssh_host \ > port ssh rdr-to $ssh_host modulate state I've done that after looking at Peter's presentation :)
> is there any change if you remove 'modulate state'? I don't think I'm using that in my current config, but will check later. > do you have any other 'match' rules that would apply to these packets? Potentially yes, but pflog shows the packets are matched by the correct rules. Will confirm later when I'm home. > reduce the ruleset to the minimum needed for the redirection and anything > critical; if it still shows the problem then it would be useful to post > the ruleset. --------------------------------------------------------------- This message and any attachments may contain Cypress (or its subsidiaries) confidential information. If it has been received in error, please advise the sender and immediately delete this message. ---------------------------------------------------------------
