> Hi, I'm using this setup:
>
>   Leased line 1              Leased line 2
>   =============              =============
>         |                          |
>         |--------------------------|
>                      |
>                      |
>              ================
>              | OpenBSD 3.5  |
>              ================
>                 |          |
>                 |          |------------------
>                 |                            |
>       =================           ===================
>       | internal net 1|           | internal net 2  |
>       =================           ===================
>
> What we are trying to do is have internal net 1 and internal net 2 NATed on leased
> line 2, and services coming in through leased line 1. This implies
> setting up RDRs for some services.
>
> The connections are RDR'd correctly, but the reply packets go through leased line 2.
> I've tried various route-to setups with little success, and the only corresponding
> message I found on this mailing list had no replies.
>
> Thanks for your time.
I forgot to throw in my setup:
oxa_if = "hme0"
snr_if = "hme1"
free_if = "fxp0"
wana_if = "tun0"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
# options
#set block-policy return
# scrub
scrub in all
## NAT
nat on $snr_if from $oxa_if:network to any -> ($wana_if)
nat on $free_if from { $snr_if:network, !192.168.1.1 } to any -> ($free_if)
## redirects
rdr on $free_if proto tcp from any to ($free_if) port 25 -> 192.168.1.1 port 25
## filter rules
# allow inbound SMTP (the RDR'd service)
pass in log-all quick on $wana_if proto tcp from any to 192.168.1.1 port 25 flags S/SA modulate state
# allow everything on loopback
pass quick on lo0 all
# allow the VPN (X.X.X.X: tunnel endpoint addresses redacted)
pass in quick on gif0 from 192.168.2.0/24 to 192.168.1.0/24
pass out quick on gif0 from 192.168.1.0/24 to 192.168.2.0/24
pass in quick on $free_if proto ipencap from X.X.X.X to X.X.X.X
pass out quick on $free_if proto ipencap from X.X.X.X to X.X.X.X
# allowed inbound ICMP services
pass in quick inet proto icmp all icmp-type $icmp_types keep state
pass in log-all quick on $oxa_if from $oxa_if:network to any keep state
pass in log-all quick on $snr_if from $snr_if:network to any keep state
pass out log-all quick all
block in log-all quick all