blocked connections from int_net -> fw -> int_net

Hello all...

Can anyone help me with this puzzle?

I have an rdr load-balancer to 2 internal servers. It works fine when I connect from the external world to the web servers (1.2.3.4 -> 66.36.236.81 -> {192.168.0.13, 192.168.0.14}).

But if I try to connect from the internal net back to the web servers, I get a blocked connection (192.168.0.13 -> 66.36.236.81 -> {192.168.0.13, 192.168.0.14}).

--------------------------
ext_if="fxp0"
int_if="fxp1"
int_net = "192.168.0.1/24"
gateway = "192.168.0.1"
table <ext_ips> const {66.36.236.81}
table <int_ips> persist {192.168.0.13 192.168.0.14}
# translation
rdr on $ext_if proto tcp from any to <ext_ips> port {80 443} -> <int_ips> sticky-address
nat on $ext_if from $int_net -> ($ext_if:0)
# filter
pass in quick log on $ext_if proto tcp from any to <int_ips> port {80 443} flags S/SA keep state (max 2000)
pass out quick keep state
block in log quick on $ext_if
----------------------------
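The ruleset above only redirects on $ext_if, so a client on the internal net that connects to 66.36.236.81 enters the firewall on $int_if, never matches the rdr, and ends up talking to the firewall's own external address instead of a web server. The fragment below is an added example, not part of the original post, showing the "redirection and reflection" technique documented in the OpenBSD PF FAQ applied to this ruleset: a second rdr on $int_if, plus a nat on $int_if so the server's reply returns through pf rather than going straight back to a client on the same LAN. It keeps the pre-OpenBSD-4.7 nat/rdr syntax of the post; on 4.7 and later the same thing is written with match/pass rules using rdr-to and nat-to. The int_net mask is written as 192.168.0.0/24 here (the post has 192.168.0.1/24, which pf treats as the same network).

```conf
# Added example (not from the original post): redirection and reflection
# for clients on the internal net, per the OpenBSD PF FAQ technique.
# Pre-OpenBSD-4.7 nat/rdr syntax, matching the posted ruleset.
ext_if = "fxp0"
int_if = "fxp1"
int_net = "192.168.0.0/24"
table <ext_ips> const { 66.36.236.81 }
table <int_ips> persist { 192.168.0.13, 192.168.0.14 }

# translation
# External clients: redirect on the external interface (as in the post).
rdr on $ext_if proto tcp from any to <ext_ips> port { 80, 443 } -> <int_ips> sticky-address

# Internal clients: their packets enter on $int_if, so the rdr on $ext_if
# never sees them. Add the same redirection on the internal interface.
rdr on $int_if proto tcp from $int_net to <ext_ips> port { 80, 443 } -> <int_ips> sticky-address

# Reflection: after the rdr, client and server sit on the same LAN, so the
# server would answer the client directly, bypassing the firewall's state,
# and the client would reset the connection. Rewriting the source to the
# firewall's internal address forces the reply back through pf, where it is
# un-translated. The "no nat" keeps the firewall's own traffic untouched.
no nat on $int_if proto tcp from $int_if to $int_net
nat on $int_if proto tcp from $int_net to <int_ips> port { 80, 443 } -> $int_if

nat on $ext_if from $int_net -> ($ext_if:0)

# filter
pass in quick log on $ext_if proto tcp from any to <int_ips> port { 80, 443 } flags S/SA keep state (max 2000)
# Explicit stateful pass for the reflected connections. Not strictly needed
# while nothing blocks inbound on $int_if (pf's default is pass), but it
# keeps the rule intent visible if a "block in on $int_if" is added later.
pass in quick on $int_if proto tcp from $int_net to <int_ips> port { 80, 443 } flags S/SA keep state
pass out quick keep state
block in log quick on $ext_if
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and confirm the new rdr is being hit with `pfctl -s nat` and `pfctl -s state` while an internal client connects. The trade-off of reflection is that the web servers see every internal client as the firewall's $int_if address, which hides the real source in their logs; the usual alternative is split-horizon DNS so internal clients resolve the site name to 192.168.0.13/14 directly and never go through the external address at all.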