Thread: nat HELP
#2
1st February 2009
jggimi
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977

You only show a PF rule fragment, so these are just guesses:

Guess #1: redirected traffic is blocked; you lack a pass rule for the redirected traffic.
Quote (originally posted by PF Users Guide):
NOTE: Translated packets must still pass through the filter engine and will be blocked or passed based on the filter rules that have been defined.
Guess #2: the traffic is passed, but the source is sending fragmented packets with the "don't fragment" bit set, which are being dropped by PF traffic normalization due to your scrub rule.

The pflog(4) facility can be used to determine if blocking is occurring. If your problem is due to your "scrub" rule, you can either change the rule and retest, or examine the packets on $ext1 and compare them with packets on $pc1.
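The two guesses above, written out as a pf.conf fragment. This is an added illustration, not part of jggimi's post or the original poster's ruleset. The interface and host values behind $ext1 and $pc1 are assumptions, and the syntax is the nat/rdr form used by OpenBSD releases of that period (before the 4.7 match/rdr-to rewrite):

```pf
# Added example; macro values are assumptions, not taken from the thread.
ext1 = "fxp0"
pc1 = "192.168.1.20"

# Guess #2: a plain "scrub in on $ext1 all" silently drops fragments that
# arrive with the don't-fragment bit set. "no-df" clears the bit so those
# fragments are reassembled and passed instead of dropped.
scrub in on $ext1 all no-df fragment reassemble

# Redirect inbound TCP/80 on the external address to the internal host.
rdr on $ext1 proto tcp from any to ($ext1) port 80 -> $pc1 port 80

# Log every block on the external interface so it shows up on pflog0.
block in log on $ext1 all

# Guess #1: translation happens before filtering, so the pass rule must match
# the translated destination ($pc1), not the external address. Without this
# rule the "block in log" above wins and the redirected traffic never arrives.
pass in on $ext1 proto tcp from any to $pc1 port 80 flags S/SA keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to check syntax, then watch the blocks jggimi mentions with `tcpdump -n -e -ttt -i pflog0`. To compare what reaches each side of the firewall, run `tcpdump -n -i fxp0 port 80` and `tcpdump -n -i <internal_if> host 192.168.1.20 and port 80` side by side (interface names are the same assumptions as above); a packet visible on the external capture but absent on the internal one, with nothing on pflog0, points at scrub rather than the filter.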