On Mon, Jul 14, 2008 at 09:48:22PM -0700, Parvinder Bhasin wrote:
> Actually Ryan, when I do the aliases way , do I still need the binat  
> statements?  because when I use aliases and binat statements together,  
> it doesn't work.
> Without the binat statements and with aliases everything works fine??  
If you do aliases without the binat, you're not connecting to your
natted hosts, you're connecting to your firewall.

> what gives?

Oh, I missed this before:

> pass in on $ext_if proto tcp from any to port 80
> pass in on $ext_if proto tcp from any to port 25

Filtering happens AFTER translation, so you need to filter on the real
addresses of the hosts, not the alias addresses.

Reply via email to