--- Cedric Berger <[EMAIL PROTECTED]> wrote:
Paul Cusbish wrote:
> [ All, a bit of a late followup, but I've included some rules this time. Thanks for
> your help ]
>
> Hi there,
>
> I have a common setup (seen it a few times on this list) -
>
> xl0 LAN
> fxp0 Cable / dynamic address
> fxp1 ADSL / static (DNS, SMTP, HTTP etc...)
>
> The default gateway is fxp0, which is nat'd.
>
> The fxp1 link is, as specified above, the "services" link. I have some reply-to
> rules for SMTP, HTTP etc,
> to avoid asymmetric routing, which works great.
>
> I have BOTH links natting now.
>
> I do tend to use IRC and Mail from the gateway, and not from the internal network.
> How would the rules differ?
>
> Here are the route-to rules that do not work:
> nat on $cable_if from $internal_net to any -> ($cable_if) (NOTE: This is the default route)
> nat on $adsl_if from $internal_net to any -> ($adsl_if)
>
> pass out quick on $adsl_if route-to ($adsl_if $adsl_route) inet proto tcp from any to any port 25 modulate state
Problem is that this rule cannot work. The default route is set
on $cable_if, therefore the "pass out quick on $ADSL_IF" rule
will never kick in. That is the classical chicken-and-egg
problem. You need to do something like:
pass out quick on $CABLE_IF route-to ($ADSL_IF...
But then, your nat rules will also need adjustments.
That's a PITA to get right, but that's doable.
Have fun!
Cedric
-----------------------------
Hi Cedric,
Thanks for your response.
Regarding the nat rules, could you give me a pointer in the general direction of what
needs to be adjusted please?
Many thanks
pc.
_____________________________________________________________
[EMAIL PROTECTED]
http://www.digiverse.net