> -----Original Message-----
> From: Valentin Bud [mailto:valentin....@gmail.com]
> Sent: Thursday, June 18, 2009 1:36 AM
> To: Mike Sweetser - Adhost
> Cc: freebsd-questions@freebsd.org
> Subject: Re: PF Routing to VPN Device
>
> On Wed, Jun 17, 2009 at 10:31 PM, Mike Sweetser - Adhost
> <mik...@adhost.com> wrote:
>
> > Hello,
> >
> > We have a network with a VPN device sitting beside a PF server, both
> > connected to an internal network.
> >
> > PF Server: 10.1.4.1
> > VPN Device: 10.1.4.200
> >
> > The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to
> > these networks should be routed to 10.1.4.200. We've set up routes on
> > the PF server as such.
> >
> > We've set up the following rules:
> >
> > block in log
> > pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24
> > 10.1.2.0/24 }
> >
> > However, the block in log is catching the return traffic. From pflog
> > when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on
> > port 80:
> >
> > 000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 >
> > 10.1.2.105.3558: [|tcp]
> >
> > If we remove the block in log, the traffic works.
> >
> > What are we missing?
> >
> > Thanks,
> > Mike
>
> Hello Mike,
>
> What version of FBSD are you using? The keep state is implicit from 7.0 as
> far as I know. I might not be right so someone please correct.
>
> If that is the case you should add keep state to your rule and see
> what happens.
We're using FreeBSD 7.2.

Mike

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
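The pflog line Mike quotes (a server port on the internal net sending toward a VPN host's ephemeral port, hitting the block rule) is the shape of a blocked reply packet. The following is an added example, not code from the thread or from the pf project, that parses pflog lines in exactly the format shown (as printed by tcpdump reading /var/log/pflog), counts blocked packets per rule and interface, and flags the ones that look like the return half of a connection opened from the VPN side. The sample log is constructed: only its first line comes from the thread, and the list of "server ports" and the rule number 12 for a pass rule are assumptions.

```python
"""Triage pflog output for blocked packets that look like replies.

Input format is the tcpdump rendering of pflog shown in the thread:
  000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterator, List, Optional, Sequence

# Constructed sample. Line 1 is the one from the thread; the rest are made up
# to exercise the parser (rule 12 as a pass rule is an assumption).
SAMPLE_PFLOG = """\
000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]
000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3559: [|tcp]
000000 rule 28/0(match): block in on bge1: 10.1.4.25.443 > 10.1.1.17.51022: [|tcp]
000000 rule 12/0(match): pass in on bge1: 10.1.4.30.52011 > 10.1.2.105.80: [|tcp]
this line is not a pflog record and is skipped
"""

# rule N/M(reason): action dir on ifname: src.sport > dst.dport:
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\((?P<reason>\w+)\): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


@dataclass(frozen=True)
class PflogEntry:
    rule: int
    action: str
    direction: str
    ifname: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_pflog_line(line: str) -> Optional[PflogEntry]:
    """Return a PflogEntry for one tcpdump/pflog line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return PflogEntry(int(m["rule"]), m["action"], m["dir"], m["ifname"],
                      m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def parse_pflog(text: str) -> Iterator[PflogEntry]:
    """Yield parsed entries, silently skipping lines that are not pflog records."""
    for line in text.splitlines():
        entry = parse_pflog_line(line)
        if entry is not None:
            yield entry


def blocks_per_rule(text: str) -> Counter:
    """Count blocked packets keyed by (rule number, interface)."""
    return Counter((e.rule, e.ifname) for e in parse_pflog(text) if e.action == "block")


def likely_blocked_replies(text: str, local_net: str, remote_nets: Sequence[str],
                           server_ports: Sequence[int] = (22, 80, 443)) -> List[PflogEntry]:
    """Blocked packets leaving a server port on the local net for a remote net.

    That is the return half of a connection the remote side opened; if pf has
    no state for the forward half, the reply falls through to the block rule.
    The server_ports list is an assumption, not something pf exposes.
    """
    local = ipaddress.ip_network(local_net)
    remotes = [ipaddress.ip_network(n) for n in remote_nets]
    hits = []
    for e in parse_pflog(text):
        if e.action != "block":
            continue
        src, dst = ipaddress.ip_address(e.src), ipaddress.ip_address(e.dst)
        if src in local and any(dst in r for r in remotes) and e.sport in server_ports:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for key, n in blocks_per_rule(SAMPLE_PFLOG).items():
        print(f"rule {key[0]} on {key[1]}: {n} blocked packets")
    for e in likely_blocked_replies(SAMPLE_PFLOG, "10.1.4.0/24", ["10.1.1.0/24", "10.1.2.0/24"]):
        print(f"blocked reply? {e.src}:{e.sport} -> {e.dst}:{e.dport} (rule {e.rule})")
```

Feeding the real log through `likely_blocked_replies` with the thread's networks separates "the block rule is eating replies to VPN-initiated connections" from "the block rule is eating something else", which is the distinction the rest of the thread is trying to make before touching the ruleset.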