On Tue, Jul 13, 2010 at 1:19 PM, Adam Thompson <athom...@c3a.ca> wrote:
>> -----Original Message-----
>> From: Bill Marquette [mailto:bill.marque...@gmail.com]
>> Sent: Monday, July 12, 2010 8:30 PM
>> To: support@pfsense.com
>> Subject: Re: [pfSense Support] 1:1 multi-homed NAT broken?
>>
>> This sounds like a missing reply-to, but I'm not entirely sure why.
>> The inbound SMTP rule should be overriding the routing and sending the
>> traffic out the right path. Take a look at /tmp/rules.debug and see if the
>> inbound SMTP rule has a reply-to on it.
>
> Looks right to me:
> binat on em1 from 192.168.232.201/32 to any -> 67.226.137.178/32
> pass in quick on $wan proto tcp from any to <SBS> port = 25 keep state queue (qwandef, qwanacks) label "USER_RULE: NAT forward inbound mail"
> pass in quick on $OPT1 reply-to (em0 192.139.69.161) proto tcp from any to <SBS> port = 25 keep state label "USER_RULE: NAT forward public web sites"
>
> Yes, the comment about "web sites" is misleading - actually it's flat-out
> wrong, I probably cloned the rule from the HTTP rule and forgot to edit the
> comment.
>
> I'm not sure that the binat combined with reply-to actually works - as I
> said, I realize this is a corner case that probably isn't (ever?) often
> tested. Is there a way to limit binat to only affecting one public interface?
>
Hmmm, actually, that looks wrong. You're missing a reply-to on the $wan rule, so the reply traffic that should go out $wan is taking your static route out $OPT1. Not sure what the fix is, I haven't been in the code in way too long, hopefully one of the other devs can take a look.

--Bill
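
Added example, not part of the original messages and not pfSense code: a small Python check for the condition discussed above, listing each "pass in" rule bound to a WAN-side interface and whether it carries a reply-to. The sample input is constructed from the three rules quoted in the thread; the function names and the choice of which interface macros count as WAN-side are assumptions.

```python
import re

# Constructed sample: the three rules quoted in the thread, one rule per line.
SAMPLE_RULES = """\
binat on em1 from 192.168.232.201/32 to any -> 67.226.137.178/32
pass in quick on $wan proto tcp from any to <SBS> port = 25 keep state queue (qwandef, qwanacks) label "USER_RULE: NAT forward inbound mail"
pass in quick on $OPT1 reply-to (em0 192.139.69.161) proto tcp from any to <SBS> port = 25 keep state label "USER_RULE: NAT forward public web sites"
"""

# "pass in ... on <iface> <rest>"; the interface may be a macro such as $wan.
PASS_IN = re.compile(r"^pass\s+in\b.*?\bon\s+(\S+)(.*)$")
# "reply-to (<interface> <gateway>)" as it appears in the quoted $OPT1 rule.
REPLY_TO = re.compile(r"\breply-to\s+\(\s*([^\s)]+)\s+([^\s)]+)\s*\)")
LABEL = re.compile(r'label\s+"([^"]*)"')


def audit_reply_to(rules_text, wan_ifaces):
    """Return one record per 'pass in' rule bound to an interface in wan_ifaces."""
    records = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        m = PASS_IN.match(line)
        if not m or m.group(1) not in wan_ifaces:
            continue  # not an inbound pass rule on a WAN-side interface
        rt = REPLY_TO.search(m.group(2))
        label = LABEL.search(line)
        records.append({
            "line": lineno,
            "iface": m.group(1),
            "reply_to": rt.groups() if rt else None,  # (interface, gateway)
            "label": label.group(1) if label else "",
        })
    return records


def missing_reply_to(rules_text, wan_ifaces):
    """Inbound WAN rules whose replies would follow the routing table."""
    return [r for r in audit_reply_to(rules_text, wan_ifaces)
            if r["reply_to"] is None]


if __name__ == "__main__":
    for r in audit_reply_to(SAMPLE_RULES, {"$wan", "$OPT1"}):
        status = "reply-to (%s %s)" % r["reply_to"] if r["reply_to"] else "NO reply-to"
        print("line %d on %s: %s [%s]" % (r["line"], r["iface"], status, r["label"]))
```

To check a live ruleset, pass the text of /tmp/rules.debug in place of SAMPLE_RULES.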