David Newman wrote:
Forget for a second what you *want* to have happen, and look at the
above snippets of your pf.conf. What's the *last* matching rule for
something on $ExtIfa?
Ah, good point, thanks. I tried flipping the order (and adding the :0
parameter) but the following still forwards
Darrin Chandler wrote:
rdr on $ExtIfa inet proto tcp from any to $ExtIfa port 25 -> $box2
rdr on $ExtIf inet proto tcp from any to $ExtIf port 25 -> $box1
Forget for a second what you *want* to have happen, and look at the
above snippets of your pf.conf. What's the *last* matching rule for
> Forget for a second what you *want* to have happen, and look at the
> above snippets of your pf.conf. What's the *last* matching rule for
> something on $ExtIfa?
For nat/rdr rules, it's the *first* match.
> >ExtIfa="1.2.3.5"
> >rdr on $ExtIfa inet proto tcp from any to $ExtIfa port 25 -> $box2
That says "rdr on 1.2.3.5": I doubt you have an interface named
1.2.3.5 ;)
I was surprised to see that the pfctl parser doesn't reject this.
Darrin Chandler wrote:
Forget for a second what you *want* to have happen, and look at the
above snippets of your pf.conf. What's the *last* matching rule for
something on $ExtIfa?
Doh! Nevermind.
--
Darrin Chandler| Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoe
David Newman wrote:
ExtIf=xl1
ExtIfa="1.2.3.5"
rdr on $ExtIfa inet proto tcp from any to $ExtIfa port 25 -> $box2
rdr on $ExtIf inet proto tcp from any to $ExtIf port 25 -> $box1
Forget for a second what you *want* to have happen, and look at the
above snippets of your pf.conf. What's th
man pf.conf
xl1 represents all the IPs on xl1, so either use the IP specifically or
use xl1:0
David Newman wrote:
> Looking for guidance on pf and aliases. I have an OBSD 3.8 box running
> pf in front of two SMTP servers.
>
> Here's my setup:
>
>
> Net -> 1.2
Looking for guidance on pf and aliases. I have an OBSD 3.8 box running
pf in front of two SMTP servers.
Here's my setup:
Net -> 1.2.3.4-> pf box -> box1 9.8.7.6
1.2.3.5 (alias)->-> box2 9.8.7.7
Problem is, pf sends all requests to box1, even those