On Mon, Sep 22, 2008 at 02:25:01AM -0700, Parvinder Bhasin wrote:
> On Sep 22, 2008, at 1:14 AM, Stuart Henderson wrote:
>
>> On 2008-09-22, Parvinder Bhasin <[EMAIL PROTECTED]> wrote:
>>> I have users that can access the website fine (75.44.229.18) and some
>>> user that complain they can't access it.
>>
>> Include the dmesg so we can see what OS version you're running.
>> Set pfctl -x misc and watch /var/log/messages, include any output
>> from around the time of a failed connection. Include the relevant
>> state table entries from pfctl -vss.
>
> Here is the output from pfctl -vss - with the host(75.18.177.36) trying
> to access the website:

Please do that again, but grep only the relevant bits. I'm not going to
sift through all the noise.

$ sudo pfctl -ss | grep 75.18.177.36

I'm pretty sure your outbound nat needs to be moved *after* your rdr's.
I think the inbound traffic is having the src_addr translated to your
firewall's ($ext_if).

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

