Hi, I am trying to share the VPN with the whole LAN:

    lan                                  -------                ------------
    -------------------------------------|  FW |----------------| Internet |
      |          |           en0 |   ^   -------                ------------
    ------     -------           |   |      |
    | A |      | B |             |   | lan default route
    ------     -------                      | abc0
                                            |
                                            | VPN
                                            |
My NAT rule works fine:
nat on abc0 from en0:network to any -> (abc0)
But this rule does not log:
pass in log on abc0
(those are the only rules)
Nothing gets logged coming in that interface unless it was not NATed.
My goal is actually this:
pass in log on abc0 route-to (en0 10.10.10.1) from !en0:network flags any
because I want to force packets coming back from the VPN to bounce off the default route on the local lan, since I am not going to copy all the vpn routes to every box on the lan, just the FW box, and the routes need to be symmetric.
Why can't pf see the packets coming back from the vpn if they were NATed?
Thanks.
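The rules from the post, as an added example that is not part of the original message, with the state-creation point that explains the missing log entries written out in comments. It assumes the old-style pf syntax the post uses (separate nat rules), the interface names from the post, and that pf, as it does, hands packets that match an existing state entry to that state without evaluating the filter rules.

```pf
# Added example, not the poster's ruleset. Assumes old-style pf
# (separate nat rules), LAN on en0, VPN on abc0, as in the post.

# A translation rule creates a state entry for every outbound flow
# it rewrites, so the reply packets coming back in on abc0 are
# matched by that state.
nat on abc0 from en0:network to any -> (abc0)

# Filter rules are only evaluated for packets that match NO state.
# Replies to NATed flows already match the state created by the
# translation, so they never reach this rule: nothing is logged, and
# a route-to option on it would not take effect either. Only traffic
# with no state (i.e. not NATed) is evaluated here, which matches the
# symptom described in the post.
pass in log on abc0

# To see NATed flows in pflog, put "log" on the rule that creates
# the state, i.e. the outbound one; the first packet of each flow is
# logged with that rule's number.
pass out log on abc0 from en0:network to any keep state

# Alternative in old-style pf: translate and pass (with logging) in
# one rule instead of the pass out rule above.
# nat pass log on abc0 from en0:network to any -> (abc0)

# Checks, run from a shell on the FW box:
#   pfctl -ss                       # state table: NATed flows on abc0
#                                   # with their translated addresses
#   tcpdump -n -e -ttt -i pflog0    # pflog header names the rule that
#                                   # logged each packet
```

If `pfctl -ss` already lists a state for the flow, the inbound packet was handled by that state, which is why the `pass in log` rule stays silent.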