On Thu, Apr 24, 2008 at 4:22 AM, Martin Kruse Jensen <[EMAIL PROTECTED]> wrote:
> The /tmp/rules.debug can be found at http://pastebin.com/m39a0c097
>
>  Before getting /tmp/rules.debug I did the following:
>  - Created failover gateway in Services -> Load-balancer (loadbalancetowan)
>  - Set the default lan -> any rules gateway to loadbalancetowan
>  - Set the firewall rules (created by nat) to use the gateway
> loadbalancetowan on both WANs

Yeah, don't do that.  You need a NAT (rdr/port forward in this case)
and filter rule per WAN, but don't change the gateway else you end up
with nonsensical rules like:
pass in quick on $wan  route-to { ( vr0 10.33.56.1 ) } proto tcp from any to <main> port = 80 keep state  label "USER_RULE: NAT "
and
pass in quick on $StofaOPT1  route-to { ( vr0 10.33.56.1 ) } proto tcp from any to {  192.168.1.3 } port = 80 keep state  label "USER_RULE: NAT Stofatest"

which points the next hop INBOUND for this traffic to vr0 (which is
your WAN in this case).  I.e., the traffic goes back outbound...bad.

I still see no reply-to's in the ruleset, so I'm suspecting that we
have an issue when dealing with rules on the default gateway, but fix
those rules to use the default gateway and give us the output of
rules.debug again if you are still having issues.  Thanks

--Bill
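
An added example, not part of the original message or of pfSense: a small check over rules.debug text that flags inbound pass rules on WAN-side interfaces carrying route-to, and reports whether any reply-to appears at all. The sample lines marked "constructed", the vr1 interface, the 192.0.2.1 gateway and the `audit` helper name are assumptions for illustration.

```python
import re

# First two rules are the ones quoted in the message above; the last two
# are constructed for contrast (vr1 and 192.0.2.1 are placeholders).
SAMPLE_RULES = '''\
pass in quick on $wan  route-to { ( vr0 10.33.56.1 ) } proto tcp from any to <main> port = 80 keep state  label "USER_RULE: NAT "
pass in quick on $StofaOPT1  route-to { ( vr0 10.33.56.1 ) } proto tcp from any to {  192.168.1.3 } port = 80 keep state  label "USER_RULE: NAT Stofatest"
pass in quick on $StofaOPT1 reply-to ( vr1 192.0.2.1 ) proto tcp from any to {  192.168.1.3 } port = 443 keep state  label "constructed: reply-to"
pass in quick on $lan  route-to { ( vr0 10.33.56.1 ) } proto tcp from any to any keep state  label "constructed: LAN policy route"
'''

# "pass in ... on $macro ..." captures the interface macro name.
RULE_RE = re.compile(r'^pass\s+in\b.*?\bon\s+\$(\w+)\s')
# "route-to { ( if gw ) }" or "reply-to ( if gw )" captures kind, if, gw.
HOP_RE = re.compile(r'\b(route-to|reply-to)\s+\{?\s*\(\s*(\S+)\s+(\S+)\s*\)')


def audit(rules_text, wan_macros):
    """Return (findings, reply_to_seen).

    findings: (line_no, macro, next_hop_if, next_hop_gw) for every inbound
    pass rule on a WAN-side macro that uses route-to, which sends traffic
    arriving from the Internet back out an upstream gateway.
    reply_to_seen: True if any rule in the text uses reply-to.
    """
    findings = []
    reply_to_seen = False
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        hop = HOP_RE.search(line)
        if hop and hop.group(1) == "reply-to":
            reply_to_seen = True
        rule = RULE_RE.match(line)
        if not (rule and hop):
            continue
        # route-to on a LAN rule is ordinary policy routing; only WAN-side
        # inbound rules are a problem.
        if rule.group(1) in wan_macros and hop.group(1) == "route-to":
            findings.append((line_no, rule.group(1), hop.group(2), hop.group(3)))
    return findings, reply_to_seen


if __name__ == "__main__":
    bad, has_reply_to = audit(SAMPLE_RULES, {"wan", "StofaOPT1"})
    for line_no, macro, nh_if, nh_gw in bad:
        print(f"line {line_no}: inbound on ${macro} routed to {nh_if} {nh_gw}")
    print("reply-to present:", has_reply_to)
```

The caller supplies the WAN-side macro names because the rule text alone does not say which interfaces face upstream.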
