On Mon, Jul 14, 2008 at 09:48:22PM -0700, Parvinder Bhasin wrote: > Actually Ryan, when I do the aliases way , do I still need the binat > statements? because when I use aliases and binat statements together, > it doesn't work. > Without the binat statements and with aliases everything works fine??
If you do aliases without the binat, you're not connecting to your natted hosts, you're connecting to your firewall. > what gives? Oh, I missed this before: > pass in on $ext_if proto tcp from any to 75.36.44.22 port 80 > pass in on $ext_if proto tcp from any to 75.36.44.23 port 25 Filtering happens AFTER translation, so you need to filter on the real addresses of the hosts, not the alias addresses.
