On Tue, Jul 01, 2003 at 06:15:08PM +0100, Baitas wrote:

>  Jun 29 08:19:54.483958 rule 39/0(match): pass out on rl0: 192.168.1.12.1330
>  > 213.228.128.63.80: S 2009984860:2009984860(0) win 64240 <mss 1460> (DF)

Well, it's going out the wire with a private source address
(192.168.1.12), so you can't really expect a reply :)

I assume you meant to NAT the connection, so the question is "why didn't
the source address get translated?". The next question is "why should it
be translated, based on what rule?".

> ext_if="rl0"
> int_net="192.168.1.0/24"
> int_ip="192.168.1.1/32"

> # Nat external interface to internal network
> nat on $ext_if from $int_ip to any -> ($ext_if)

Let's expand all macros used by your nat rule:

  nat on rl0 from 192.168.1.1/32 to any -> (rl0)

Well, 192.168.1.12 is not within 192.168.1.1/32, hence the nat rule just
didn't apply to that connection.

I guess you want 'from $int_net' instead of 'from $int_ip' :)

Daniel
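The macro expansion and address check walked through above, as an added example that is not part of the original message. The function names `expand`, `nat_applies` and `check` are hypothetical, and only the simple `nat on IF from SRC to DST -> TARGET` form quoted in the thread is parsed; this is not pf's own rule parser.

```python
import ipaddress
import re

# pf.conf fragment quoted in the message above (macros plus the nat rule).
PF_CONF = '''
ext_if="rl0"
int_net="192.168.1.0/24"
int_ip="192.168.1.1/32"
nat on $ext_if from $int_ip to any -> ($ext_if)
'''

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
NAT_RE = re.compile(r'^nat on (\S+) from (\S+) to (\S+) -> (\S+)$')


def expand(conf):
    """Return the rule lines of conf with every $macro substituted."""
    macros, rules = {}, []
    for line in conf.splitlines():
        line = line.split('#', 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
        else:
            rules.append(re.sub(r'\$(\w+)', lambda v: macros[v.group(1)], line))
    return rules


def nat_applies(rule, out_if, src):
    """True if a packet leaving out_if with source address src matches the
    interface and 'from' clause of the nat rule."""
    m = NAT_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule: " + rule)
    rule_if, rule_from = m.group(1), m.group(2)
    if rule_if != out_if:
        return False
    if rule_from == "any":
        return True
    return ipaddress.ip_address(src) in ipaddress.ip_network(rule_from, strict=False)


def check(conf, out_if, src):
    """Pair every expanded nat rule with whether it would translate src."""
    return [(r, nat_applies(r, out_if, src)) for r in expand(conf) if r.startswith("nat ")]
```

Calling `check(PF_CONF, "rl0", "192.168.1.12")` reports the expanded rule as not matching; with `from $int_net` substituted for `from $int_ip` the same call matches.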
