On Tue, 2007-11-13 at 14:17 -0200, Kleber Rocha wrote:
> 10.1.1.78 tries to access the ip 10.1.100.210 on port 8080, the
If xl0 faces 10.1.1.0 (outside) and bge0 faces your local (inside) 10.1.100.0/24, then your "pass in" statement will create a state associated with inbound traffic. However, it will not automatically create an associated stateful "outbound" connection out/in your bge0. This is a common misunderstanding with pf(4) as a transit device. Default-block in policy routers have to have a default "pass out keep state" rule to get this PIX/ASA style behavior that most are used to.

~BAS
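The point made in the reply above, as an added pf.conf fragment that is not part of the original message or the poster's actual ruleset. The interfaces, addresses and port are the ones mentioned in the thread; the macro names, the `block all` default and the exact rule wording are assumptions.

```pf
# Constructed example. Interface roles follow the reply's assumption:
# xl0 faces 10.1.1.0 (outside), bge0 faces 10.1.100.0/24 (inside).
ext_if = "xl0"
int_if = "bge0"
client = "10.1.1.78"
server = "10.1.100.210"

# Default-deny in both directions on every interface.
block all

# Evaluated when the packet ENTERS the router on xl0. The state created
# here covers this connection on its way in, and the replies leaving
# again on xl0.
pass in on $ext_if proto tcp from $client to $server port 8080 keep state

# A forwarded packet is filtered a second time when it LEAVES on bge0.
# With only the rule above, that second pass falls through to "block all"
# and the connection never reaches the server.

# Option A: narrow rule matching just this flow on the inside interface.
pass out on $int_if proto tcp from $client to $server port 8080 keep state

# Option B (use instead of A): the blanket rule the reply describes.
# Anything already admitted by a "pass in" rule may leave on any interface,
# so all policy decisions stay in the "pass in" rules.
# pass out keep state

# Check before loading:   pfctl -nf /etc/pf.conf
# After a test connection, "pfctl -ss" should list two states for the
# flow: one on xl0 (in) and one on bge0 (out).
```

Option A keeps the outbound side as tight as the inbound side; Option B is simpler but means a too-broad `pass in` rule is no longer backstopped by the outbound filter.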