Vadim Zhukov wrote:

  On 14 October 2009 c. 17:09:17 Mentesan wrote:

    Hi,
    
    I have a branch office Firewall that also acts as a smtp relay for the
    internal network, the system has 3 Internet connections:
    
    1 - DHCP   (default gateway)
    2 - Fixed IP ($embratel_if)
    3 - Fixed IP
    4 - LAN
    
    The default gateway is the DHCP interface. I can route LAN traffic to
    any of the Internet Links as desired, that is ok.
    My problem happens when I try to route the smtp traffic from the
    Firewall itself through an interface other than the default gateway.
    
    I've configured the following rules:
    ---------------
    nat on $embratel_if proto tcp to port smtp -> ($embratel_if)
    ...
    ...
    pass out on $ext_if route-to ($embratel_if $embratel_gw) proto tcp to
    port smtp
    ---------------
    
    The route-to rule routes the packets as expected, but the outgoing
    packets don't have the source IP changed. They go out by the right
    interface but with the wrong IP address (the IP of the default
    gateway).
    
    How can I get this setup working?

  You didn't mention the version of OpenBSD you're using - 4.5?
  
  If I understand you correctly, you should change your nat rule to:
  
  nat on $ext_if proto tcp to port smtp -> ($embratel_if)
  
  Remember that "pass ... route-to" routes the packet on the $ext_if 
  interface, and NAT occurs _before_ stepping through filter rules. So the 
  packet is on the $ext_if interface there too.

Thanks Vadim Zhukov,

That did the trick, thanks a lot, now I can do many more routing tricks
:)

Best regards,
Fabio Almeida
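For readers landing on this thread later, here is the corrected setup as a pf.conf fragment in the pre-4.7 syntax the thread uses. This is an added example, not the poster's actual configuration; interface names and the gateway address are placeholders.

```pf
# Added example (not from the thread). Interface names and the gateway
# address are placeholders standing in for the poster's real values.
ext_if      = "em0"             # DHCP uplink, holds the default route
embratel_if = "em1"             # fixed-IP uplink SMTP should leave on
embratel_gw = "203.0.113.1"     # next hop on $embratel_if (placeholder)

# pf evaluates nat rules before filter rules, and a locally generated
# packet is still on $ext_if (the default route) at that point. So this
# rule never sees the outgoing SMTP traffic and no translation happens:
#nat on $embratel_if proto tcp to port smtp -> ($embratel_if)

# Correct: match the packet where it actually is ($ext_if), but
# translate the source to the address currently on $embratel_if.
# The parentheses make pf re-read the address if it changes.
nat on $ext_if proto tcp to port smtp -> ($embratel_if)

# The filter rule then sees the already-translated packet on $ext_if and
# route-to overrides the default route, sending it out $embratel_if
# through $embratel_gw with the $embratel_if source address.
pass out on $ext_if route-to ($embratel_if $embratel_gw) proto tcp \
    to port smtp
```

After loading with `pfctl -f /etc/pf.conf`, `pfctl -sn` should list the nat rule on $ext_if and `pfctl -ss` should show the SMTP states with the $embratel_if address as their translated source.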
