PF: Can't redirect second external IP

I am attempting to replace a gateway (FreeBSD 6) that contains MANY external IPs on several different subnets. I have set up a new machine and copied all config files, added whatever services and whatnot that should be there (or so I believe). However, none of the traffic redirection is working. So I stripped everything down to make my life simple, but still cannot find a solution. Currently I have a machine that has 2 different external IPs on separate subnets. If I redirect the main IP, which is in the same subnet as the gateway, I have no issues. However, when I try to redirect the other IP it is a miserable failure. I do not see the request making it to the internal machine, nor can I ping the alternate IP address. Below are rc.conf and pf.conf, which have been stripped down to this (IPs changed for obvious reasons):

rc.conf
Code:
defaultrouter="2.4.6.8"
ifconfig_re0="inet 192.168.0.5 netmask 255.255.0.0 media 100baseTX mediaopt full-duplex"
ifconfig_re0_alias0="inet 192.168.0.10 netmask 255.255.255.255"
ifconfig_re1="inet 2.4.6.10 netmask 255.255.255.240 media 100baseTX mediaopt full-duplex"
ifconfig_re1_alias9="inet 5.5.2.2 netmask 255.255.255.224"
pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile

pf.conf:
Code:
#send traffic to internal web server
rdr on re1 proto tcp from any to 5.5.2.2 port 80 -> 192.168.2.100 port 80

#make sure we go out with the correct ip
pass in quick on re0 route-to (re1 5.5.2.1) from 192.168.77.15/32 to any
pass out quick on re1 route-to (re1 5.5.2.1) from 5.5.2.1/27 to any
pass all

UPDATE: I ran a tcpdump of the interface and I can see the ping request and response, but it is getting lost somewhere. How can I find it?

13:33:39.082543 IP 1.2.3.4 > 4.3.2.1: ICMP echo request, id 1, seq 5593, length 40
13:33:39.082584 IP 4.3.2.1 > 1.2.3.4: ICMP echo reply, id 1, seq 5593, length 40
 