phoenix,
I tried your format. The clients were not able to get out of/past the server at all. I had to add this line:
Code:
${fwcmd} add 65200 allow all from any to any via ${int_if}
just to let them out at all. However, that gives them unlimited upload bandwidth (all outgoing packets hit this new rule instead of the individual "out xmit ${ext_if}" rules).
Any ideas?