Hi, I would need some help in getting this working.
The idea is pretty simple, I have a box with 3 NICs; 2 for net pipes, and one for LAN. Routing and NAT works, however, I need that requests to u_ips always get NATed through u_if, and everything else through ext_if. As it is now, everything goes through ext_if.

ext_if="tun0"
int_if="vr0"
u_if="ed0"

ext_services="{2222}"
int_services="{53,80}"
rdp_port="{3232}"
rdp_srv="{192.168.0.250}"
u_ips="{123.123.123.123}"
u_gw="192.168.1.1"

localnet=$int_if:network

set skip on lo0
set optimization aggressive
set limit states 50000

scrub in all

nat on $ext_if from $localnet to any -> ($ext_if)
nat on $u_if from $localnet to $u_ips -> ($u_if)
rdr pass on $ext_if proto tcp from any to $ext_if port $rdp_port -> $rdp_srv port 3389

antispoof for $ext_if
antispoof for $u_if

block drop all

pass in inet proto tcp from any to any port $ext_services \
        flags S/SA keep state
pass in inet proto {tcp,udp} from $localnet to $int_if port $int_services \
        flags S/SA keep state

pass out all keep state
pass from $localnet to any keep state

And here's ifconfig:

vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:13:d4:a7:84:f9
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 52:54:00:df:92:3f
        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (10baseT/UTP)
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:02:44:59:91:d5
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
        inet 111.111.111.111 --> 111.111.111.254 netmask 0xffffffff
        Opened by PID 449

As you can see, u_if (ed0) has IP addr 192.168.1.5, and the gateway is 192.168.1.1 (u_gw).

Running 7.2-RELEASE, amd64.

Any help is appreciated.

Thanks.

--
Ghirai.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions