On 14 October 2009 c. 17:09:17 Mentesan wrote:
> Hi,
>
> I have a branch office Firewall that also acts as an smtp relay for the
> internal network, the system has 3 Internet connections:
>
> 1 - DHCP (default gateway)
> 2 - Fixed IP ($embratel_if)
> 3 - Fixed IP
> 4 - LAN
>
> The default gateway is the DHCP interface. I can route LAN traffic to
> any of the Internet Links as desired, that is ok.
> My problem happens when I try to route the smtp traffic from the
> Firewall itself through an interface other than the default gateway.
>
> I've configured the following rules:
> ---------------
> nat on $embratel_if proto tcp to port smtp -> ($embratel_if)
> ...
> ...
> pass out on $ext_if route-to ($embratel_if $embratel_gw) proto tcp to
> port smtp
> ---------------
>
> The route-to rule routes the packets as expected, but the outgoing
> packets don't have the source IP changed. It goes out by the right
> interface but with the wrong ip address (the IP of the default
> gateway).
>
> How can I get this setup working?
You didn't mention which version of OpenBSD you're using - 4.5?

If I understand you correctly, you should change your nat rule to:

nat on $ext_if proto tcp to port smtp -> ($embratel_if)

Remember that "pass ... route-to" routes the packet on the $ext_if interface, and NAT occurs _before_ stepping through filter rules. So the packet is on the $ext_if interface there too.

--
Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
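A minimal pf.conf that applies the correction above, added here as an example and not taken from either poster; the interface names, the gateway address and the "from ($ext_if)" restriction are assumptions:

```pf
# Example pf.conf (OpenBSD 4.5 syntax), not the original poster's file.
# Interface names and the next-hop address below are assumed/constructed.
ext_if      = "em0"             # DHCP link, holds the default route
embratel_if = "em1"             # fixed-IP link the relay should use
embratel_gw = "203.0.113.1"     # placeholder next-hop on $embratel_if
lan_if      = "em2"

set skip on lo

# Translation rules are evaluated before filter rules. A packet generated on
# the firewall picks its source address from the default route, so it enters
# pf on $ext_if; a "nat on $embratel_if" rule is never consulted for it.
#
# Wrong (from the original post): the $ext_if address stays as source.
#   nat on $embratel_if proto tcp to port smtp -> ($embratel_if)
#
# Right: match on the interface the packet is actually on and rewrite its
# source to the Embratel address. "from ($ext_if)" is an assumption that
# limits the rewrite to traffic originating from the firewall's own address.
nat on $ext_if from ($ext_if) proto tcp to any port smtp -> ($embratel_if)

# Filter rules run afterwards; route-to then hands the already translated
# packet to $embratel_gw on $embratel_if.
pass out on $ext_if route-to ($embratel_if $embratel_gw) proto tcp \
    from any to any port smtp keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading; after an outbound smtp connection, `pfctl -s state` should list the state for port 25 with the $embratel_if address as the translated source.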