* Trevor Talbot ([EMAIL PROTECTED]) [030605 22:32]:
> On Thursday, Jun 5, 2003, at 15:34 US/Pacific, Greg Rumple wrote:
>
> >I guess I should test things before hitting send. Below is what I have,
> >I typed in my live addresses versus test addresses, and lo and behold it
> >still didn't work.
> >
> >Anyway, with the following it works in my test lab.
>
> If it works with test addresses, but not with live addresses, there must
> be something different about the live addresses.

No, I meant when I typed the addresses in myself (my test network's not
connected to anything real, so I had to re-type the entries), I for some
reason typed in the real addresses. I had typed in the test addresses on
the test system. AKA I need to learn to "proof read" what I say. :-)

> I'll add numbers to the rules you posted; they should match the output
> of "pfctl -vvsn":
>
> 0 binat on fxp0 from 1.2.3.231 to any -> 10.10.2.231
> 1 binat on fxp0 from 1.2.3.232 to any -> 10.10.2.232
> 2 binat on fxp1 from 1.2.3.231 to any -> 10.10.2.231
> 3 binat on fxp1 from 1.2.3.232 to any -> 10.10.2.232
> 4 binat on fxp0 from 10.10.2.231 to any -> 1.2.3.231
> 5 binat on fxp0 from 10.10.2.232 to any -> 1.2.3.232
> 6 binat on fxp1 from 10.10.2.231 to any -> 1.2.3.231
> 7 binat on fxp1 from 10.10.2.232 to any -> 1.2.3.232
>
> Half of them should be unnecessary, unless there's something else going
> on with your network setup. With 1.2.3/24 on fxp0, and 10.10.2/24 on
> fxp1, this is what should be happening:

You're correct, I'm on crack. That's right. Only the last 4 are necessary.

I now have

pf.conf
----------------------
binat from 10.10.2.231 to any -> 1.2.3.231
binat from 10.10.2.232 to any -> 1.2.3.232
----------------------

And it works just fine.

--
Greg Rumple
[EMAIL PROTECTED]
