You can't unless you use a proxy unless you know the source IP the requests are coming from. Then you could add static routes pointing back to that subnet through the other gateway.

Holger

-----Original Message-----
From: Luiz Vaz [mailto:vaz.luiz-***@public.gmane.org]
Sent: Thursday, December 14, 2006 5:31 AM
To: support-***@public.gmane.org
Cc: Luiz Vaz
Subject: [pfSense Support] NAT and Routing

Hi all,

i had a stupid problem.
But i still can´t solve this... ;(

I had 2 hosts with pfsense:
- 192.168.0.253 : static
- 192.168.0.254 : adsl

The 192.168.0.254 is the default gateway on Lan.

I need to enable the port 211 on 192.168.0.253 to redirect to another machine inside LAN. Let's say 192.168.0.6...

Well, setup the redirection is easy.
But packets are gone crazy.

The request from 192.168.0.253 reach the 192.168.0.6, but try to go out from WAN of 192.168.0.254...

Ex.:
201.58.161.nnn = remote host
201.36.178.zzz = 192.168.0.253 wan
201.78.25.yyy = 192.168.0.254 wan

(states on 192.168.0.253)
self tcp 201.58.161.nnn:2746 -> 192.168.0.6:211 SYN_SENT:CLOSED
self tcp 192.168.0.6:211 <- 201.36.178.zzz:211 <-
201.58.161.nnn:2746 CLOSED:SYN_SENT

(states on 192.168.0.254)
self tcp 201.58.161.nnn:2746 <- 192.168.0.6:211 CLOSED:SYN_SENT
self tcp 192.168.0.6:211 -> 201.78.25.yyy:54832 ->
201.58.161.nnn:2746 SYN_SENT:CLOSED

What happen is that 192.168.0.254 block the packet beacuse the source don't started the connection thru him.


So, how can i force the packets to follow the correct path back to the 192.168.0.253?


Thanks in advanced,
Luiz vaz

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org For additional commands, e-mail: support-help-***@public.gmane.org