Re: [Fwbuilder-discussion] pf - nat failed -> next try :(
From: Thomas K. <tk...@tr...> - 2008-08-26 17:39:31
Hi,

> FIN_WAIT_2 is final state of tcp session, it looks like the
> session has been established and then closed.
>
> In one of your previous emails you said:
>
> > What I want: All traffic from 10.100.105.1 to 192.168.129.99, should
> > be "nated", to 192.168.129.1. So 192.168.129.99 see the traffic is
> > coming from 192.168.129.1.
>
> internal interface of the firewall has netmask 255.255.0.0,
> this explains all this variety of internal addresses
> (10.100.102.x, 10.100.105.x, 10.100.199.x)
> I am assuming internal machines are also configured with
> netmask of the same length.

all the internal hosts are in the /16 subnet, so these settings are fine.

> Your rules look ok to me. I have no experience with CARP so I
> can not comment on that. Also, you never explained what
> actually happens, what have you tried and what works and what
> does not.

my problem is, that the nat rules don't work, and I have no idea why.
the configuration I sent, is from my test environment. any other rules are working fine.

> > The testsystem looks like:
> >
> >        External LAN 192.168.129.0/24
> >                  ^
> >                  |
> >                  | Master Firewall
> > -------------------------------------
> > |Real external fxp1:  192.168.129.2 |
> > |CARP external carp1: 192.168.129.1 |fxp2 192.169.127.2
> > |                                   |------------------>
> > |CARP internal carp0: 10.100.199.1  |
> > |Real internal: fxp0: 10.100.199.2  |
> > -------------------------------------
> >                  |
> >                  |
> >        Internal LAN 10.100.0.0/16

thomas