On 14 October 2009 c. 17:09:17 Mentesan wrote:
> Hi,
>
> I have a branch office Firewall that also acts as a smtp relay for the
> internal network, the system has 3 Internet connections:
>
> 1 - DHCP   (default gateway)
> 2 - Fixed IP ($embratel_if)
> 3 - Fixed IP
> 4 - LAN
>
> The default gateway is the DHCP interface. I can route LAN traffic to
> any of the Internet Links as desired, that is ok.
> My problem happens when I try to route the smtp traffic from the
> Firewall itself through other interface than the default gateway.
>
> I've configured the following rules:
> ---------------
> nat on $embratel_if proto tcp to port smtp -> ($embratel_if)
> ...
> ...
> pass out on $ext_if route-to ($embratel_if $embratel_gw) proto tcp to
> port smtp
> ---------------
>
> The route-to rule routes the packets as expected, but the outgoing
> packets don't have the source IP changed. It goes out by the right
> interface but with the wrong ip address (the IP of the default
> gateway).
>
> How can I get this setup working?

You didn't mention the version of OpenBSD you're using - 4.5?

If I understand you correctly, you should change your nat rule to:

nat on $ext_if proto tcp to port smtp -> ($embratel_if)

Remember that "pass ... route-to" routes the packet on the $ext_if
interface, and NAT occurs _before_ stepping through filter rules. So the
packet is on the $ext_if interface there too.

--
  Best wishes,
    Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
