On Fri, Apr 25, 2008 at 12:36 AM, Martin Kruse Jensen <[EMAIL PROTECTED]> wrote:
>
> I still need to set the default lan -> any rule to use the loadbalancetowan
> gateway right?

correct

> In http://pastebin.com/f36121457 I didn't
> but in http://pastebin.com/f10483182 I did change it

yep, looks like we aren't installing the reply-to logic on WAN for
some reason (probably cause nobody had a setup where machines on wan2
tried to connect to services on wan). Can you file a bug on
cvstrac.pfsense.com for this, please?

Thanks

--Bill

> Martin
>
> Bill Marquette wrote:
>
> On Thu, Apr 24, 2008 at 4:22 AM, Martin Kruse Jensen <[EMAIL PROTECTED]>
> wrote:
>
> The /tmp/rules.debug can be found at http://pastebin.com/m39a0c097
>
> Before getting /tmp/rules.debug I did the following:
> - Created failover gateway in Services -> Load-balancer (loadbalancetowan)
> - Set the default lan -> any rules gateway to loadbalancetowan
> - Set the firewall rules (created by nat) to use the gateway
>   loadbalancetowan on both WANs
>
> Yeah, don't do that. You need a NAT (rdr/port forward in this case)
> and filter rule per WAN, but don't change the gateway else you end up
> with nonsensical rules like:
> pass in quick on $wan route-to { ( vr0 10.33.56.1 ) } proto tcp from any to <main> port = 80 keep state label "USER_RULE: NAT "
> and
> pass in quick on $StofaOPT1 route-to { ( vr0 10.33.56.1 ) } proto tcp from any to { 192.168.1.3 } port = 80 keep state label "USER_RULE: NAT Stofatest"
>
> which points the next hop INBOUND for this traffic to vr0 (which is
> your WAN in this case). i.e. the traffic goes back outbound...bad.
>
> I still see no reply-to's in the ruleset, so I'm suspecting that we
> have an issue when dealing with rules on the default gateway, but fix
> those rules to use the default gateway and give us the output of
> rules.debug again if you are still having issues.
>
> Thanks
>
> --Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
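The two conditions discussed in this thread (an inbound WAN rule carrying `route-to`, and an inbound WAN rule with no `reply-to`) can be checked mechanically against a `/tmp/rules.debug` dump. The following is an added example, not part of the original messages or of pfSense; the function name, the finding codes and the set of WAN interface macros are assumptions, and the sample rules are constructed on the model of the rules quoted above (`vr1` and `192.0.2.1` are made up).

```python
import re

# Head of a pf filter rule: action, direction, optional "quick", interface macro.
RULE_HEAD = re.compile(r'^(pass|block)\s+(in|out)\s+(?:quick\s+)?on\s+(\S+)')
QUOTED = re.compile(r'"[^"]*"')  # label strings, which may mention keywords

def audit_rules(text, wan_ifaces):
    """Return (line_no, interface, finding) for inbound pass rules on WANs.

    wan_ifaces is the caller's set of interface macros treated as WANs
    (an assumption of this example; pf itself has no such notion).
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE_HEAD.match(line.strip())
        if not m:
            continue
        action, direction, iface = m.groups()
        if action != "pass" or direction != "in" or iface not in wan_ifaces:
            continue
        # Drop quoted labels so a label containing "reply-to" is not counted.
        tokens = set(QUOTED.sub('""', line).split())
        if "route-to" in tokens:
            # Inbound traffic is policy-routed to a gateway, i.e. sent back out.
            findings.append((no, iface, "ROUTE_TO_INBOUND"))
        if "reply-to" not in tokens:
            # Replies follow the default route instead of the arrival WAN.
            findings.append((no, iface, "NO_REPLY_TO"))
    return findings

# Constructed sample in rules.debug style.
SAMPLE = '''\
pass in quick on $wan route-to { ( vr0 10.33.56.1 ) } proto tcp from any to <main> port = 80 keep state label "USER_RULE: NAT "
pass in quick on $StofaOPT1 reply-to ( vr1 192.0.2.1 ) proto tcp from any to { 192.168.1.3 } port = 80 keep state label "USER_RULE: NAT Stofatest"
pass in quick on $StofaOPT1 proto tcp from any to { 192.168.1.3 } port = 443 keep state label "USER_RULE: no reply-to here"
pass in quick on $lan route-to { ( vr0 10.33.56.1 ) } from any to any keep state label "USER_RULE: Default LAN -> any"
'''

if __name__ == "__main__":
    for no, iface, finding in audit_rules(SAMPLE, {"$wan", "$StofaOPT1"}):
        print(f"line {no}: {iface}: {finding}")
```

The LAN rule with `route-to` is not flagged, since policy routing outbound LAN traffic to the load-balancer gateway is the configuration confirmed as correct at the top of the thread.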
