Re: Tcpdump grepped for the machine: RE: Trouble with route-to:
On Wed, Mar 09, 2005 at 10:19:17PM -0800, Ben wrote:
> Mar 09 22:10:45.682221 0:9:5b:12:43:xx 0:c:f1:91:70:xx 0800 62:
> 192.168.1.132.1273 > 126.96.36.199.80: S 417417262:417417262(0) win 16384
> <mss 1460,nop,nop,sackOK> (DF)
> $internal_net = 192.168.1.0
> nat on rl0 from $internal_net to !$internal_net -> (rl0)
> nat on rl1 from $internal_net to !$internal_net -> (rl1)
> pass in on em0 route-to (rl1 gw1) from 192.168.1.132 to !$internal_net keep state
If you really defined internal_net as 192.168.1.0, and not
192.168.1.0/24, none of those three rules matches the packet, because
192.168.1.132 is not within 192.168.1.0/32. Leaving out the /network
part means /32 (for IPv4) in pf.
If you misquoted your ruleset, quote precisely.
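
Added example, not part of the original message: a simplified Python model of the address test in the two quoted nat rules (`from $internal_net to !$internal_net`), run against the source and destination from the quoted tcpdump line. The helper names are hypothetical, and only address matching is modelled (no interfaces, state or translation).

```python
import ipaddress


def pf_addr(spec):
    """Parse a pf-style address spec into (negated, network).

    A bare address with no /mask is a single host: /32 for IPv4.
    ipaddress.ip_network applies the same default, which is why it
    is used here as a stand-in for pf's parser (an assumption of
    this example, not pf source code).
    """
    spec = spec.strip()
    negated = spec.startswith("!")
    network = ipaddress.ip_network(spec.lstrip("!").strip(), strict=False)
    return negated, network


def addr_matches(spec, addr):
    """True if addr satisfies the (possibly negated) address spec."""
    negated, network = pf_addr(spec)
    inside = ipaddress.ip_address(addr) in network
    return inside != negated


def nat_rule_matches(internal_net, src, dst):
    """Address part of: nat ... from $internal_net to !$internal_net"""
    return addr_matches(internal_net, src) and addr_matches("!" + internal_net, dst)


def effective_network(spec):
    """The network a spec really covers, e.g. '192.168.1.0/32'."""
    return str(pf_addr(spec)[1])


if __name__ == "__main__":
    # Source and destination taken from the quoted tcpdump line.
    src, dst = "192.168.1.132", "126.96.36.199"
    for macro in ("192.168.1.0", "192.168.1.0/24"):
        print(
            f"internal_net = {macro:<15} "
            f"covers {effective_network(macro):<15} "
            f"nat address test matches: {nat_rule_matches(macro, src, dst)}"
        )
```
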