> -----Original Message-----
> From: Bill Marquette [mailto:[email protected]]
> Sent: Monday, July 12, 2010 8:30 PM
> To: [email protected]
> Subject: Re: [pfSense Support] 1:1 multi-homed NAT broken?
>
> This sounds like a missing reply-to, but I'm not entirely sure why.
> The inbound SMTP rule should be overriding the routing and sending the
> traffic out the right path. Take a look at /tmp/rules.debug and see if the
> inbound SMTP rule has a reply-to on it.

Looks right to me:

binat on em1 from 192.168.232.201/32 to any -> 67.226.137.178/32
pass in quick on $wan proto tcp from any to <SBS> port = 25 keep state queue (qwandef, qwanacks) label "USER_RULE: NAT forward inbound mail"
pass in quick on $OPT1 reply-to (em0 192.139.69.161) proto tcp from any to <SBS> port = 25 keep state label "USER_RULE: NAT forward public web sites"

Yes, the comment about "web sites" is misleading - actually it's flat-out
wrong, I probably cloned the rule from the HTTP rule and forgot to edit the
comment.

I'm not sure that the binat combined with reply-to actually works - as I said,
I realize this is a corner case that probably isn't (ever?) often tested. Is
there a way to limit binat to only affecting one public interface?

-Adam Thompson
Chief Technical Architect, C3A Inc.
[email protected]
(204) 272-9628 / fax: (204) 272-8291
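
The check suggested in the thread (does each inbound SMTP rule in /tmp/rules.debug carry a reply-to?) can be scripted. The following is an added example, not part of the original messages or of pfSense; the function names reply_to_report and sample_rules are hypothetical, and it assumes one rule per line, as the rules quoted above would appear before the mail client wrapped them.

```shell
#!/bin/sh
# Added example, not from the thread. For each inbound pass rule matching PORT,
# print: interface|reply-to target (or MISSING)|label
# Usage on the firewall: reply_to_report 25 < /tmp/rules.debug

reply_to_report() {
    awk -v port="$1" '
    $1 == "pass" && $2 == "in" {
        iface = ""; rt = "MISSING"; hit = 0; label = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "on" && iface == "") iface = $(i + 1)
            if ($i == "reply-to") {
                # Collect the tokens inside "( ifname gateway )"
                rt = ""
                for (j = i + 1; j <= NF; j++) {
                    tok = $j; gsub(/[()]/, "", tok)
                    if (tok != "") rt = (rt == "" ? tok : rt " " tok)
                    if ($j ~ /\)/) break
                }
            }
            if ($i == "port" && $(i + 1) == "=" && $(i + 2) == port) hit = 1
        }
        if (match($0, /label "[^"]*"/)) label = substr($0, RSTART + 7, RLENGTH - 8)
        if (hit) printf "%s|%s|%s\n", iface, rt, label
    }'
}

# Sample input: the three rules quoted in the message, unwrapped to one per line.
sample_rules() {
    cat <<'EOF'
binat on em1 from 192.168.232.201/32 to any -> 67.226.137.178/32
pass in quick on $wan proto tcp from any to <SBS> port = 25 keep state queue (qwandef, qwanacks) label "USER_RULE: NAT forward inbound mail"
pass in quick on $OPT1 reply-to (em0 192.139.69.161) proto tcp from any to <SBS> port = 25 keep state label "USER_RULE: NAT forward public web sites"
EOF
}

sample_rules | reply_to_report 25
```

On the quoted rules this reports the $wan rule as MISSING and the $OPT1 rule as carrying reply-to (em0 192.139.69.161), which matches what the message shows.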