• I was just trolling through /tmp/rules.debug like a good sysadmin
    and found these bits in my NAT Inbound redirects section:

    NAT Inbound redirects

    rdr on $wireless proto tcp from any to any port { 25 } -> xxx.xxx.xxx.xxx port 25
    rdr on $pppoe proto tcp from any to any port { 25 } -> xxx.xxx.xxx.xxx port 25
    rdr on $lan proto tcp from any to any port { 25 } -> xxx.xxx.xxx.xxx port 25
    no nat on vlan0 proto tcp from vlan0 to 10.4.2.32/29
    nat on vlan0 proto tcp from 10.4.2.32/29 to xxx.xxx.xxx.xxx port 25 -> vlan0

    I am cool with the rdrs, as those are my rules, but the ones on vlan0 to do with nat and no nat have me stumped.
    The rules on each interface are very much the same; the firewall is outbound only.

    I would love to know what they are for and why the other interfaces do not have them as well.


  • /*    does this rule redirect back to an internal host?
    *    if so, add some extra goo to help this work.
    */
    // $rule is the port-forward entry being processed; $target (the forward's
    // destination) and $extport (its external port list) are set earlier in the same loop.
    $rule_friendly_if  = convert_friendly_interface_to_real_interface_name($rule['interface']); // friendly name -> real device (lan -> vlan0 in the setup above)
    $rule_interface_ip = find_interface_ip($rule_friendly_if);                                  // address of that interface
    $rule_interface_subnet = $config['interfaces'][$rule['interface']]['subnet'];               // prefix length
    $rule_subnet = gen_subnet($rule_interface_ip, $rule_interface_subnet);                      // network address
    // Only forwards bound to "lan" with external address "any" get the pair below;
    // whether $target actually lives inside the LAN subnet is never checked.
    if($rule['external-address'] == "any" and $rule['interface'] == "lan") {
        $natrules .= "\n";
        // exempt traffic from the LAN interface address to the LAN subnet from translation
        $natrules .= "no nat on {$rule_friendly_if} proto tcp from {$rule_friendly_if} to {$rule_subnet}/{$rule_interface_subnet}\n";
        // source-NAT LAN hosts hitting the forwarded target:port to the LAN interface address
        $natrules .= "nat on {$rule_friendly_if} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$extport[0]} -> {$rule_friendly_if}\n";
    }
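    To make the condition concrete, here is an added Python reimplementation of the rule generation in the PHP above. It is not pfSense's own code; the interface table, the 192.168.2.1 wireless address, the ath0 device name and the 203.0.113.10 target are constructed sample values, and `gen_subnet` stands in for the pfSense helper of the same name.

```python
import ipaddress

# Constructed sample data, shaped after what the posted PHP reads from $config:
# friendly name -> real device, interface address and prefix length. The
# 10.4.2.32/29 subnet is the one from the rules.debug excerpt; the rest is made up.
INTERFACES = {
    "lan":      {"if": "vlan0", "ipaddr": "10.4.2.33",   "subnet": 29},
    "wireless": {"if": "ath0",  "ipaddr": "192.168.2.1", "subnet": 24},
}


def gen_subnet(ip: str, bits: int) -> str:
    """Network address of ip/bits (stand-in for pfSense's gen_subnet())."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False).network_address)


def nat_rules_for_forward(rule: dict, interfaces: dict = INTERFACES) -> list[str]:
    """Return the pf NAT lines generated for one inbound port forward.

    The rdr line is always emitted. The no-nat/nat pair is added only when the
    forward is bound to "lan" with external address "any", exactly as in the PHP
    above; nothing looks at whether the target is inside the LAN subnet.
    """
    real_if = interfaces[rule["interface"]]["if"]
    target = rule["target"]
    extport = rule["external-port"]
    lines = [
        f"rdr on ${rule['interface']} proto {rule['protocol']} "
        f"from any to any port {{ {extport} }} -> {target} port {rule['local-port']}"
    ]
    if rule["external-address"] == "any" and rule["interface"] == "lan":
        iface = interfaces["lan"]
        net = f"{gen_subnet(iface['ipaddr'], iface['subnet'])}/{iface['subnet']}"
        # Packets sourced from the LAN interface address toward the LAN subnet
        # are exempted from translation...
        lines.append(f"no nat on {real_if} proto tcp from {real_if} to {net}")
        # ...while LAN hosts talking to the forwarded target:port are source-NATed
        # to the LAN interface address, so the target's replies return via the firewall.
        lines.append(
            f"nat on {real_if} proto tcp from {net} to {target} port {extport} -> {real_if}"
        )
    return lines


if __name__ == "__main__":
    forward = {
        "interface": "lan", "protocol": "tcp", "external-address": "any",
        "external-port": "25", "local-port": "25", "target": "203.0.113.10",
    }
    print("\n".join(nat_rules_for_forward(forward)))
    # Same forward on the wireless interface: only the rdr line comes out.
    print("\n".join(nat_rules_for_forward({**forward, "interface": "wireless"})))
```

Running it reproduces the three-line shape seen on vlan0 for the lan forward and a lone rdr line for the wireless one, which is why only the interface behind "lan" carries the pair. Note that the check is purely on the rule's interface and external address, so the pair appears even when the forward's target is an external host.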


  • OK, but the host is external, not internal. Oh well, it does not seem to create a problem.