Joel Goguen wrote:
> On Fri, 08 Dec 2006 17:01:10 +0100, Mitja <[EMAIL PROTECTED]> wrote:
>> Joel Goguen wrote:
>>> On Fri, 08 Dec 2006 15:16:50 +0100, Mitja <[EMAIL PROTECTED]> wrote:
>>> [snip]
>>>> # pfctl -s all
>>>> TRANSLATION RULES:
>>>> nat on em1 inet from 192.168.1.0/24 to any -> (em1:0)
>>> If em1 is only serving the one IP address, try changing em1:0 to em1 and
>>> see if that works.
>>
>> Checked that option. It is the same...not working.
> Upon closer review, I realize that I'm an idiot for even suggesting it :)
>
> You have a route that goes from your internal LAN (192.168.1.0/24) to em1
> (193.189.180.193).
> You have another route that goes from 192.168.1.0/24 to your closest ISP
> interface (193.77.12.154).

Correct.

> When you set up NAT from LAN to em1 and then ping an address that the routing
> table says is accessible from bge0, you skip NAT since you're not going out on
> em1. You're going out on bge0, which means that no translation is done. I'm
> not sure if it's possible to ping from LAN and have

Correct again. This is the point of the problem. Is it actually possible to set NAT or remove a route from LAN to bge0?

> your source IP be that of em1, but I think you can just add a second NAT rule
> to allow NAT on bge0.
> Someone beat me with a cluestick if I'm wrong :) So you'd end up with your
> NAT section being:
> nat on em1 inet from 192.168.1.0/24 to any -> (em1:0)
> nat on bge0 inet from 192.168.1.0/24 to any -> (bge0:0)

Actually, natting from bge0 works, so I think your idea will also work, but the source IP will not be that of em1.

> Again, I don't know if that would actually work, but that's the only other
> idea I have now.

Let's try this. It works, but the source IP is from bge0, my external interface (193.77.12.154).

Regards,
Mitja
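
The behaviour worked out in this thread, as an added example that is not part of the original messages: a small Python model in which the routing table alone picks the egress interface and a `nat on <if>` rule is only considered on that interface. The routing table, the em1 prefix length, the LAN host and the destination addresses are constructed assumptions; only the interface addresses and the two NAT rules come from the thread.

```python
import ipaddress

# Constructed routing table (assumption): the thread does not show the real one.
# Each entry is (destination prefix, egress interface).
ROUTES = [
    ("0.0.0.0/0", "bge0"),           # default route via the ISP-facing interface
    ("193.189.180.192/26", "em1"),   # network behind em1 (prefix length assumed)
]

# Interface addresses as quoted in the thread.
IFACE_ADDR = {"em1": "193.189.180.193", "bge0": "193.77.12.154"}

# The two translation rules from the thread, modelled as (interface, source prefix):
#   nat on em1  inet from 192.168.1.0/24 to any -> (em1:0)
#   nat on bge0 inet from 192.168.1.0/24 to any -> (bge0:0)
NAT_EM1_ONLY = [("em1", "192.168.1.0/24")]
NAT_BOTH = NAT_EM1_ONLY + [("bge0", "192.168.1.0/24")]


def egress_interface(dst, routes=ROUTES):
    """Longest-prefix match: routing decides the outgoing interface, not NAT."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def translate(src, dst, nat_rules, routes=ROUTES):
    """Return (egress interface, source address seen on the wire)."""
    ifc = egress_interface(dst, routes)
    for rule_if, prefix in nat_rules:
        # A rule bound to another interface is never evaluated for this packet.
        if rule_if == ifc and ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            return ifc, IFACE_ADDR[ifc]   # first matching translation rule wins
    return ifc, src                        # no rule on this interface: untranslated


if __name__ == "__main__":
    lan_host = "192.168.1.10"              # constructed LAN host
    for rules in (NAT_EM1_ONLY, NAT_BOTH):
        for dst in ("198.51.100.7", "193.189.180.194"):   # constructed destinations
            print(len(rules), "rule(s):", dst, "->", translate(lan_host, dst, rules))
```

With only the em1 rule, traffic that the routing table sends out bge0 leaves with its private source address, which is the leak a capture on bge0 for 192.168.1.0/24 sources would reveal.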