Paul Cusbish wrote:
[ All, a bit of a late followup, but I've included some rules this time. Thanks for your help ]
Hi there,
I have a common setup (seen it a few times on this list) -
xl0 LAN
fxp0 Cable / dynamic address
fxp1 ADSL / static (DNS, SMTP, HTTP etc...)
The default gateway is fxp0, which is nat'd.
The fxp1 link is, as specified above, the "services" link. I have some reply-to rules for SMTP, HTTP etc, to avoid asymmetric routing, which works great.
I have BOTH links natting now.
I do tend to use IRC and Mail from the gateway, and not from the internal network.
How would the rules differ?
Here are the route-to rules that do not work:
nat on $cable_if from $internal_net to any -> ($cable_if) (NOTE: This is the default route)
nat on $adsl_if from $internal_net to any -> ($adsl_if)
pass out quick on $adsl_if route-to ($adsl_if $adsl_route) inet proto tcp from any to any port 25 modulate state
Problem is that this rule cannot work. The default route is set on $cable_if, therefore the "pass out quick on $ADSL_IF" rule will never kick in. That is the classical chicken-and-egg problem. You need to do something like:
pass out quick on $CABLE_IF route-to ($ADSL_IF...
But then, your nat rules will also need adjustments.
That's a PITA to get right, but that's doable.
Have fun!
Cedric
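
The adjustment described in the reply, written out as an added example that is not part of either poster's message, in the same nat/route-to syntax as the rules quoted above. The macro values, the $internal_if macro, the gateway address and the final pass rule are assumptions for illustration; the mechanism is that a rerouted packet is checked again on the interface it actually leaves through, so the NAT rule for that interface must also cover the gateway's own traffic.

```conf
# Assumed macro values (placeholders, not from the thread)
internal_if  = "xl0"
cable_if     = "fxp0"              # default route, dynamic address
adsl_if      = "fxp1"              # static "services" link
adsl_route   = "192.0.2.1"         # placeholder ADSL next hop
internal_net = "192.168.0.0/24"    # placeholder LAN prefix

# NAT is matched on the interface the packet finally leaves through.
nat on $cable_if from $internal_net to any -> ($cable_if)
nat on $adsl_if  from $internal_net to any -> ($adsl_if)
# Packets the gateway itself sends pick the cable address as source
# (default route), so rewrite that address when they are diverted to ADSL.
nat on $adsl_if  from ($cable_if)   to any -> ($adsl_if)

# LAN clients: divert SMTP as it arrives on the inside interface,
# before an outbound interface has been chosen.
pass in quick on $internal_if route-to ($adsl_if $adsl_route) \
    inet proto tcp from $internal_net to any port 25 modulate state

# Gateway-originated SMTP: the packet is first seen on the default-route
# interface, so that is where the route-to rule has to match.
pass out quick on $cable_if route-to ($adsl_if $adsl_route) \
    inet proto tcp from ($cable_if) to any port 25 modulate state

# Diverted packets are filtered again on the ADSL interface; let them out.
pass out quick on $adsl_if inet proto tcp from ($adsl_if) to any port 25 \
    modulate state
```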