#8
22nd October 2011
wlm2
Finally it's WORKING :)

Thank you, jggimi, for all your help and patience!
Now it's working, but frankly I'm not so sure how.
I'd love it if you could help me understand the following line:

match out on egress inet from !(egress) to any nat-to (egress:0)

The part I do not understand is how !(egress) represents my VR1 interface
and (egress:0) represents my VR0 interface ...

This is the working configuration:
Code:
ext_if = "vr0"
int1_if = "vr1"
#
set block-policy drop
set loginterface $ext_if
set limit { frags 5000, states 10000 }
set state-policy floating
set optimization normal
set ruleset-optimization basic
set timeout interval 10
set timeout frag 30
set skip on lo
#
match out on egress inet from !(egress) to any nat-to (egress:0)
block return #all
antispoof for $ext_if inet
#
pass out quick keep state
pass in  quick on $int1_if

Last edited by ocicat; 22nd October 2011 at 07:31 AM. Reason: *Please* use [code] & [/code] tags when posting screen output!