Only on the dc0 interface. the 192.168.3.0/24 block is on the dc1 interface.
The dc0 interface goes to the internet... I don't want/need to send anything from
192.168/16 to the internet
since their 1918 addys...
-Shawn
>
>
>
>
>> Do you have all routing set up correctly? Is the network that
>> 192.168.3.250 is on in the same subnet as one of the firewall
> interfaces? Or is it a separate network?
>> You'd need to add a route for it if it's separate.
>> I had something funky happen with my routes at one point and had to
> re-add.
>>
>> Good luck
>>
>>> I enable it.. what happens.. I loose connectivity to all the
> networks. Nothing can see anything outside
>>> of their network.
>>> do a ping from the firewall, and you get:
>>>
>>> ping: sendto: No route to host
>>> ping: wrote 192.168.3.250 64 chars, ret=-1
>>>
>>>
>>> Anyone have any ideas?
>
> block in log quick on dc0 inet from { 172.16.0.0/12 , 192.168.0.0/16
>
> the 192.168.3.250 is included in this rules ?
