Hello all...
can anyone help me with this puzzle?
I have an rdr load balancer to 2 internal servers. It works fine when I connect from the external world to the web servers (1.2.3.4 -> 66.36.236.81 -> {192.168.0.13, 192.168.0.14}).
But if I try to connect from the internal net back to the web servers, I get a blocked connection (192.168.0.13 -> 66.36.236.81 -> {192.168.0.13, 192.168.0.14}).
--------------------------
ext_if="fxp0"
int_if="fxp1"
int_net = "192.168.0.1/24"
gateway = "192.168.0.1"
# public address the load balancer answers on
table <ext_ips> const {66.36.236.81}
# pool of backend web servers
table <int_ips> persist {192.168.0.13 192.168.0.14}
# translation
# inbound on the external interface: send 80/443 for the public address to a backend,
# keeping a given client on the same backend
rdr on $ext_if proto tcp from any to <ext_ips> port {80 443} -> <int_ips> sticky-address
# outbound: masquerade the internal net behind the first address on $ext_if
nat on $ext_if from $int_net -> ($ext_if:0)
# filter (rules match the post-translation destination, i.e. the backend address)
pass in quick log on $ext_if proto tcp from any to <int_ips> port {80 443} flags S/SA keep state (max 2000)
pass out quick keep state
block in log quick on $ext_if
----------------------------
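For comparison, an added pf.conf (my example, not the poster's config) that handles the internal case as well. The point it illustrates: an `rdr on $ext_if` rule is only evaluated for packets arriving on fxp0, so a packet from 192.168.0.13 to 66.36.236.81 that comes in on fxp1 is never redirected; it is delivered to the firewall itself, which has nothing listening on 80/443. The usual fix is a second rdr on the internal interface plus a nat on the same interface so the backend's reply travels back through the firewall instead of going directly to the client (which would reset a connection it believes it opened to 66.36.236.81). The interface names, addresses and tables below are taken from the post; the syntax is the same pre-OpenBSD 4.7 rdr/nat syntax the post uses.

```pf
ext_if = "fxp0"
int_if = "fxp1"
int_net = "192.168.0.0/24"        # the network, not the gateway's host address

table <ext_ips> const { 66.36.236.81 }
table <int_ips> persist { 192.168.0.13, 192.168.0.14 }

# translation
# 1. external clients: redirect the public address to a backend (as in the post)
rdr on $ext_if proto tcp from any to <ext_ips> port { 80, 443 } -> <int_ips> sticky-address

# 2. internal clients: the same redirection, but on the interface where their
#    packets actually arrive. rdr on $ext_if never sees traffic from $int_net.
rdr on $int_if proto tcp from $int_net to <ext_ips> port { 80, 443 } -> <int_ips> sticky-address

# 3. after the rdr the packet leaves $int_if again towards a backend on the same
#    subnet. Rewrite the source to the firewall's internal address so the backend
#    replies to the firewall (where the state entry is) rather than straight to
#    the client; the client expects its reply from 66.36.236.81, not from .14.
nat on $int_if proto tcp from $int_net to <int_ips> port { 80, 443 } -> ($int_if)

# outbound masquerading for everything else (as in the post)
nat on $ext_if from $int_net -> ($ext_if:0)

# filter (rules see the post-translation addresses)
pass in quick log on $ext_if proto tcp from any to <int_ips> port { 80, 443 } flags S/SA keep state (max 2000)
# explicit pass for the reflected traffic; harmless here since nothing blocks on $int_if
pass in quick on $int_if proto tcp from $int_net to <int_ips> port { 80, 443 } flags S/SA keep state
pass out quick keep state
block in log quick on $ext_if
```

Check it with `pfctl -nf /etc/pf.conf` before loading, then open a connection from 192.168.0.13 to 66.36.236.81:80 and look at `pfctl -s state`: you should see one entry on fxp1 translating the destination to a backend and a second translating the source to 192.168.0.1. On OpenBSD 4.7 and later the same two rules are written as `match in on $int_if proto tcp from $int_net to <ext_ips> port { 80, 443 } rdr-to <int_ips> sticky-address` and `match out on $int_if proto tcp from $int_net to <int_ips> port { 80, 443 } nat-to ($int_if)`.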
