2.0-RC NAT Port Forward LAGG interfaces.



  • This is my problem at hand.  I'm trying to forward FTP and HTTP to a machine behind my firewall.  I've setup the NAT port-forward rules using linked rules.  When ever I try to hit FTP or HTTP I see the connection in the log being denied. When I hit the red button with a white X.  I see the following message on the denyed connection.

    The rule that triggered this action is:

    @1 scrub in on lagg0 all fragment reassemble
    @1 block drop in log all label "Default deny rule"

    I'm going to attach a png with my rules for the FTP port forward.



  • Can you please show us the firewall rules on top of you NAT firewall rule ?
    Firewall rules are working from top to down. Perhaps there is a rule before this rule which blocks ftp transfer.



  • If that was the case it wouldn't say that is was getting dropped by the default rule.  When I look at pfctl -s nat I don't see any rules or even if I do a pfctl -sr that show rules allowing traffic to 10.50.1.20.



  • Guessing you're on a snapshot where check_reload_status isn't working right (some day(s) last week), upgrade to the latest if that's the case.



  • I'll give that a try.


Locked