Also, I don't see any NAT rules. Is the 'egress' interface blessed with a truly global IP and, therefore, NAT is not required?
If NAT is required, then you need additional rules and NAT rules -- done well -- can prevent 'leaks.'
/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
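As an added example (not the poster's own rules and not from this thread), here is what "NAT rules done well" can look like in nftables terms: masquerade on the egress interface, plus a guard chain that runs after source NAT and drops any packet that still carries a private source address. Such a packet would otherwise leave the box un-NATed, which is exactly the kind of leak the post warns about. The egress interface name, the LAN prefix and the table name are assumptions for illustration; substitute your own.

```shell
#!/bin/sh
# Added example: generate a leak-resistant nftables NAT ruleset.
# Assumptions (not from the original post): egress interface name and
# LAN prefix are passed in; the table name "egress_nat" is arbitrary.

# nat_ruleset <egress-iface> <lan-prefix>
# Prints a complete nftables ruleset on stdout.
nat_ruleset() {
    wan="$1"
    lan="$2"
    cat <<EOF
table inet egress_nat {
    chain postrouting {
        # srcnat hook (priority 100): translate LAN sources to the egress address
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$wan" ip saddr $lan masquerade
    }

    chain leak_guard {
        # A filter chain on the same hook with priority 200 runs AFTER srcnat,
        # so it sees the translated source. Anything still carrying an RFC 1918
        # source here was not NATed (wrong prefix, missing rule, etc.) and must
        # not leave the egress interface. The counter shows attempted leaks.
        type filter hook postrouting priority 200; policy accept;
        oifname "$wan" ip saddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } counter drop
    }
}
EOF
}

# check_ruleset <egress-iface> <lan-prefix>
# Syntax-checks the generated ruleset with nft when it is installed
# (nft -c parses without loading). Returns 0 if the check passes or nft
# is absent, 1 if nft rejects the ruleset.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        nat_ruleset "$1" "$2" | nft -c -f - || return 1
    fi
    return 0
}

# Usage (hypothetical interface and prefix):
#   nat_ruleset eth0 192.168.1.0/24 | sudo nft -f -
```

A quick way to confirm the guard is doing its job is to watch the `counter` on the `leak_guard` rule (`nft list chain inet egress_nat leak_guard`): it should stay at zero in normal operation, and any increment points at traffic that would have left the egress interface with a private source.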