Hello Catalin: <snip>

> Michael Smith <[EMAIL PROTECTED]> wrote:
> > On Dec 9, 2007, at 3:34 PM, Erik Norgaard wrote:
> > > Michael Smith wrote:
> > > > Hello All:
> > > > I am trying to configure a round-robin group of Name Servers that
> > > > respond on to and from a single address.
> > > > I want the following to occur:
> > > > 1) DNS query from 10.211.128.1 to 10.212.1.1 is redirected to a
> > > >    pool of name servers
> > > > 2) One of the name servers responds to the query
> > > > 3) The response shows a source address of 10.212.1.1, not the
> > > >    actual name server
> > <snip>
>
> Hello Mike,
>
> If I understand correctly your environment I think you should change
> the NAT rule from:
>
> nat on $vlan821_if from $nr_net to $mail_net -> 10.212.1.1
>
> to:
>
> nat on $vlan6_if from $nr_net to $mail_net -> 10.212.1.1
>
> Let us know if this is solving the issue.

I'm still seeing the same issue. Here's the output from pfctl -sa | grep 10.212.1.1

nat on vlan6 inet from 10.212.1.0/24 to 10.211.0.0/16 -> 10.212.1.1
rdr on vlan6 inet proto udp from any to 10.212.1.1 port = domain -> <nr_roundrobin> round-robin
rdr on vlan6 inet proto tcp from any to 10.212.1.1 port = domain -> <nr_roundrobin> round-robin
vlan6 udp 10.212.1.11:53 <- 10.212.1.1:53 <- 10.211.128.146:54108 NO_TRAFFIC:SINGLE

It looks like the redirect is happening correctly, but the NAT isn't working in reverse. The 10.212.1.1 address is in the subnet on $vlan821. Will this break NAT? That is, does NAT have to have an address on $vlan6?

Regards,
Mike
