Daniel:
H, could have sworn pf assumed that .0 meant that all possible .x was
valid (in this instance 192.168.1.0/24) but fair enough; the network is
defined as 192.168.1.0/24 (sorry, was in a hurry so when I re-wrote the
ruleset I used shorthand. My apologies)
Ben
-Original Message-
From: Daniel Hartmeier [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 10, 2005 12:20 AM
To: Ben
Cc: pf@benzedrine.cx
Subject: Re: Tcpdump grepped for the machine: RE: Trouble with route-to:
On Wed, Mar 09, 2005 at 10:19:17PM -0800, Ben wrote:
Mar 09 22:10:45.682221 0:9:5b:12:43:xx 0:c:f1:91:70:xx 0800 62:
    192.168.1.132.1273 > 216.51.232.100.80: S 417417262:417417262(0)
    win 16384 <mss 1460,nop,nop,sackOK> (DF)

$internal_net = 192.168.1.0
nat on rl0 from $internal_net to !$internal_net -> (rl0)
nat on rl1 from $internal_net to !$internal_net -> (rl1)
pass in on em0 route-to (rl1 gw1) from 192.168.1.132 to !$internal_net keep state
If you really defined internal_net as 192.168.1.0, and not
192.168.1.0/24, none of those three rules matches the packet, because
192.168.1.132 is not within 192.168.1.0/32. Leaving out the /network
part means /32 (for IPv4) in pf.
If you misquoted your ruleset, quote precisely.
Daniel
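As an added illustration of the /32 default Daniel describes (example code written for this page, not part of the original thread and not pf's own matching code): the script below expands the `$internal_net` macro, applies pf's rule that a bare IPv4 address means /32, and reports which of the three quoted rules have from/to addresses matching the packet in the tcpdump line. It only models the address part of a rule (no interfaces, direction or state), and the tcpdump line is re-typed here as constructed input.

```python
import ipaddress
import re

# Constructed input: the tcpdump line from the thread (MACs anonymised as
# in the original), used only to pull out the source and destination IPs.
TCPDUMP_LINE = (
    "Mar 09 22:10:45.682221 0:9:5b:12:43:xx 0:c:f1:91:70:xx 0800 62: "
    "192.168.1.132.1273 > 216.51.232.100.80: S 417417262:417417262(0) "
    "win 16384 <mss 1460,nop,nop,sackOK> (DF)"
)

# The from/to parts of the three rules quoted in the thread, macros unexpanded.
RULES = [
    {"name": "nat on rl0", "from": "$internal_net", "to": "!$internal_net"},
    {"name": "nat on rl1", "from": "$internal_net", "to": "!$internal_net"},
    {"name": "pass in on em0 route-to (rl1 gw1)",
     "from": "192.168.1.132", "to": "!$internal_net"},
]


def parse_tcpdump(line):
    """Return (src_ip, dst_ip) from a 'a.b.c.d.port > e.f.g.h.port:' field."""
    m = re.search(r"(\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:", line)
    if not m:
        raise ValueError("no IPv4 src/dst pair found in tcpdump line")
    return m.group(1), m.group(2)


def pf_addr(spec):
    """Parse a pf-style address spec into (negated, network).

    pf's convention: an IPv4 address written without a prefix length is a
    single host, i.e. /32, so '192.168.1.0' covers only that one address.
    """
    negated = spec.startswith("!")
    spec = spec.lstrip("!")
    if "/" not in spec:
        spec += "/32"
    return negated, ipaddress.ip_network(spec, strict=False)


def addr_matches(spec, host):
    """True if host falls inside spec; a leading '!' inverts the test."""
    negated, net = pf_addr(spec)
    return (ipaddress.ip_address(host) in net) != negated


def expand_macros(rules, macros):
    """Substitute $name with its value in every from/to field."""
    expanded = []
    for rule in rules:
        copy = dict(rule)
        for field in ("from", "to"):
            for name, value in macros.items():
                copy[field] = copy[field].replace("$" + name, value)
        expanded.append(copy)
    return expanded


def matching_rules(internal_net, line=TCPDUMP_LINE):
    """Names of rules whose from/to addresses match the packet in `line`."""
    src, dst = parse_tcpdump(line)
    rules = expand_macros(RULES, {"internal_net": internal_net})
    return [r["name"] for r in rules
            if addr_matches(r["from"], src) and addr_matches(r["to"], dst)]


if __name__ == "__main__":
    for definition in ("192.168.1.0", "192.168.1.0/24"):
        print(f"$internal_net = {definition}:")
        for name in matching_rules(definition) or ["(no nat rule matches)"]:
            print("   ", name)
```

With the bare `192.168.1.0` only the `pass ... route-to` rule's addresses match (its source is the literal host, and the destination is not 192.168.1.0); both `nat` rules miss because 192.168.1.132 is outside 192.168.1.0/32, so the traffic leaves unnatted. With `/24` all three match. On the firewall itself the equivalent check is `pfctl -nvf /etc/pf.conf`, which prints each rule as pf parsed it, with macros expanded and the mask pf actually applied.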