Ok finally fixed it. It was the case of wrong pass out rules that caused 'no route to host' when i either ftp'd, ping, etc.
Wrong pass out rule:
pass out quick on $ext_if proto tcp to any port $tcp_services
pass out quick on $ext_if proto udp to any port $udp_services
Correct pass out rule:
pass out on $ext_if proto tcp from any to any flags S/SA modulate state
pass out on $ext_if proto { udp, icmp } from any to any keep state
Case closed.
|