[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: perPLEXed, NAT issues



On Tue, 5 Nov 2002, Nathaniel Fisher wrote:
> pass out quick on { lo0, enc0, $int_if } all
> pass in quick on { lo0, enc0, $int_if } all
> block out quick proto tcp all flags /S
> block in quick proto tcp all flags /S
> pass out on $ext_if inet proto tcp from $ext_if to any \
> flags S/SA keep state
You are not keeping state on int_if.  Add 'keep state' to the 'lo0, enc0,
$int_if' rules above.
Or remove the very non-obvious 'flags /S' rules.
--
Cam