Crud, that explains a lot... I at least think that I have the outbound NAT entries set up for WAN and OPT1:

nat on xl2 from 192.168.1.0/24 to any -> (xl2)
nat on xl1 from 192.168.1.0/24 to any -> (xl1)

I seem to be stuck trying to create an outbound rule. Everything I try says "pass in" in the User-defined rules section of rules.debug. :(

On 8/23/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> On 8/23/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > > > As a test, I tried to create a rule to send all VNC traffic over the
> > > > OPT1 WAN interface, but it always used the default WAN interface.
> > > >
> > > > I must be missing something. How can this be done when the second WAN
> > > > interface has a static IP?
> > >
> > > Possibly, possibly not. Check /tmp/rules.debug for the rule that
> > > you're adding and please post it here to see if the gateway portion is
> > > being added correctly for the rule in question.
> >
> > # NAT Inbound Redircts
> > ...
> > rdr on xl2 proto tcp from any to port 5900 -> 192.168.1.230 port 5900
> > rdr on xl1 proto tcp from any to port 5900 -> 192.168.1.230 port 5900
> >
> > # User-defined rules follow
> > ...
> > pass in quick on $WANII proto tcp from any to { 192.168.1.230 } port =
> > 5900 keep state label "USER_RULE: NAT Allow VNC to buzz via WAN2"
> > ...
>
> That's inbound. The multi-wan code we're talking about is outbound.
> By default inbound traffic to an IP will return out the
> interface/gateway it came in on (as long as you have a gateway set up
> in the interface config). It's up to the user to get the inbound
> traffic on the right link, via DNS, or IP, or whatever other trick.
>
> --Bill