On Tue, Jul 15, 2003 at 09:09:51PM +0200, Niclas Sodergard wrote:

> Does anyone know if this is an issue with 3.1 or have I misunderstood
> something? Will a route-to ignore nat rules?
Try

  nat on rl1 from 1.2.3.4 to any -> rl2
  pass out on rl1 route-to (rl2 $gw_rl2) from rl2 to any keep state

The packet will first go to the interface with the default route (rl1), and rules are evaluated. First, the translation rule will match and apply (changing the source address). Then, filter rules are evaluated. The pass rule will match and cause re-routing to rl2 (where $gw_rl2 is the IP address of the gateway on the rl2 side) and create state.

Incoming packets may arrive on rl1 or rl2 and match the state entry, causing back-translation. Further outgoing packets of the same connection will go to rl1 by default, match the state there, and cause re-routing to rl2 based on the state entry.

I'm not sure why you specified 'in' (instead of 'out') in your pass rule, unless it was just a mistake, please explain. Usually you create state on the first packet of a connection, and for nat, that's an outgoing packet.

Daniel
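For readers wanting to try the setup Daniel describes, here is a minimal pf.conf that wires the two rules into a complete file. This is an added example, not something posted in the thread; the macro names, the gateway address 192.0.2.1 and the use of 1.2.3.4 as the internal host are assumptions, and the rest is the evaluation order as explained above (translation first on the default-route interface, then the filter rule with route-to).

```pf
# Added example, not from the original thread. Interface names, the host
# 1.2.3.4 and the gateway 192.0.2.1 are assumed; adjust to your setup.
ext_if1  = "rl1"          # interface holding the default route
ext_if2  = "rl2"          # secondary uplink we want this host to use
gw_rl2   = "192.0.2.1"    # assumed: next-hop gateway on the rl2 side
src_host = "1.2.3.4"      # assumed: internal host to be routed via rl2

# Translation is evaluated first, on the interface the routing table
# picked (rl1). After this the packet carries rl2's address as source.
nat on $ext_if1 from $src_host to any -> $ext_if2

# Filter rules see the already-translated packet. The rule is 'out'
# because the first packet of an outbound NAT'd connection leaves the
# box; route-to hands it to the gateway on rl2, and keep state records
# that decision so later packets of the connection take the same path
# and replies arriving on either interface are translated back.
pass out on $ext_if1 route-to ($ext_if2 $gw_rl2) from $ext_if2 to any keep state
```

Check the file parses before loading it with `pfctl -nf /etc/pf.conf`; the `-n` flag only parses, so a syntax slip in the route-to target or macro does not replace the running ruleset. Once loaded, `pfctl -ss` shows the state entry, which is where the re-routing for subsequent packets of the connection is decided.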
