From owner-freebsd-questions@FreeBSD.ORG Sun Dec 9 18:51:43 2007
From: Michael Smith <mksmith@adhost.com>
To: questions@freebsd.org
Date: Sun, 9 Dec 2007 10:51:41 -0800
Subject: Problem with NAT/RDR in PF

Hello All:

I am trying to configure a round-robin group of Name Servers that respond to and from a single address.
I want the following to occur:

1) DNS query from 10.211.128.1 to 10.212.1.1 is redirected to a pool of name servers
2) One of the name servers responds to the query
3) The response shows a source address of 10.212.1.1, not the actual name server

--
Here are the relevant configuration snippets.

vlan821_if="vlan821"      # This is the physical interface of the Name Servers
vlan6_if="vlan_6"         # This is the physical interface of the querying servers
nr_net="10.212.1.0/24"    # Name Resolver network
mail_net="10.211.0.0/16"  # Querying server network
nr_01_int="10.212.1.11"

# Define table for Name Resolvers
table persist { \
    $nr_01_int \
}

nat on $vlan821_if from $nr_net to $mail_net -> 10.212.1.1
rdr on $vlan6_if proto { udp tcp } from any to 10.212.1.1 port 53 -> round-robin

pass in on $vlan821_if inet proto tcp from $nr_net to any
pass in on $vlan821_if inet proto udp from $nr_net to any
pass in on $vlan6_if inet proto udp from $mail_net to $nr_net
pass in on $vlan6_if inet proto tcp from $mail_net to $nr_net
--

With this configuration, when I do a host lookup with 10.212.1.1 as the server address, I get this:

;; reply from unexpected source: 10.212.1.11#53, expected 10.212.1.1#53

So, it's my assumption that the "rdr" statement is working, but the "nat" statement is not.

If anyone can help with this I would appreciate it greatly.

Regards and Thanks,

Mike
mksmith@adhost.com
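As an added illustration (not part of the original post or of pf itself), the toy model below shows how a stateful rdr rule handles the DNS redirect described above: a redirected query creates a state entry, and a reply that matches that state is translated back to 10.212.1.1, while a reply that matches no state keeps the real server address, which is what `host` reported. The table name NR_POOL and the client source ports are constructed for the example.

```python
"""Toy model of pf 'rdr ... -> <table> round-robin' state handling for the
DNS redirect in the post.  Added illustration only; not pf source code."""
from itertools import cycle

VIP = "10.212.1.1"            # published resolver address (from the post)
NR_POOL = ["10.212.1.11"]     # table contents from the post; name is constructed
_next_server = cycle(NR_POOL)

# state table: (client, client_port, original_dst, dst_port) -> real server
states = {}

def rdr_inbound(src, sport, dst, dport, proto="udp"):
    """Query from the mail net arriving on vlan6.  A packet matching the rdr
    rule is sent to the next pool member and a state entry is recorded so
    the reply can be translated back; anything else passes unchanged."""
    if dst == VIP and dport == 53 and proto in ("udp", "tcp"):
        server = next(_next_server)
        states[(src, sport, VIP, dport)] = server
        return (src, sport, server, dport)
    return (src, sport, dst, dport)

def reply_outbound(src, sport, dst, dport):
    """Reply from a name server travelling back through the same firewall.
    If it matches an rdr state, the source is rewritten to the VIP; with no
    matching state the real server address is left in place and the client
    sees 'reply from unexpected source'."""
    key = (dst, dport, VIP, sport)
    if states.get(key) == src:
        return (VIP, sport, dst, dport)
    return (src, sport, dst, dport)

def query_and_reply(client, cport):
    """Full round trip: returns (server chosen, source address the client sees)."""
    query = rdr_inbound(client, cport, VIP, 53)
    server = query[2]
    reply = reply_outbound(server, 53, client, cport)
    return server, reply[0]

def reply_without_state(server, client, cport):
    """Source address the client sees when the reply matched no rdr state."""
    return reply_outbound(server, 53, client, cport)[0]

if __name__ == "__main__":
    print(query_and_reply("10.211.128.1", 40000))            # ('10.212.1.11', '10.212.1.1')
    print(reply_without_state("10.212.1.11", "10.211.128.1", 40001))  # 10.212.1.11
```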