Laurent CARON wrote:
> I have dynamic set to 1 in zone.tun (for openvpn).

Ok, so this is the cause. I will add a warning in the default config about NAT'ting a dynamic network. It is no security problem to NAT all zones if you have the correct FORWARD[x] rules. You should restrict the FORWARD[x] rules in your zone.ext rules to only forward traffic to the networks you want to have NAT for (in your case the openvpn network).

Kind regards,
Bastian

-- 
Bastian Kleineidam
GnuPG key: gpg --keyserver wwwkeys.pgp.net --recv-keys 32EC6F3E