Hi Vlad

>
> Message: 1
> Date: Sat, 25 Feb 2006 02:48:21 +0200
> From: "Vlad GALU" <[EMAIL PROTECTED]>
> Subject: reply-to doesn't seem to work
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I have a machine with two interfaces. On one of them there is a
> webserver listening for client connections. The machine's default
> route is through the other interface.
> Let's assume the interfaces are called if1, if2 and that the
> webserver is listening on if2.
> I have a rule like this:
> pass in quick on $if2 reply-to ($if2 $if2gw) inet proto tcp from any to ($if2) port = 80 flags S/SA keep state.
> The replies should leave the box through if2, right ? Well, they
> don't. I had to add a rule like this:
> pass out quick on $if1 route-to ($if2 $if2gw) inet from ($if2) to any

"pass in quick on $if2" --> pass incoming packets from your webserver
"pass out quick on $if1" --> pass outgoing packets to default path

Think about directions "in/out" that way:
You are inside the box, the incoming packets are those that arrived from outside to you,
and the outgoing traffic is the packets that travel from you to outside.

> I can see the reply-to rule creating states, and yet it doesn't
> work as advertised. Ideas, anybody ?
>
> --
> If it's there, and you can see it, it's real.
> If it's not there, and you can see it, it's virtual.
> If it's there, and you can't see it, it's transparent.
> If it's not there, and you can't see it, you erased it.
>
> ------------------------------
>
> Message: 2
> Date: Sat, 25 Feb 2006 02:49:35 +0200
> From: "Vlad GALU" <[EMAIL PROTECTED]>
> Subject: Re: reply-to doesn't seem to work
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 2/25/06, Vlad GALU <[EMAIL PROTECTED]> wrote:
> [...]
>
> Sorry, I forgot to mention that this happens on 6.1-PRERELEASE. I
> couldn't check on other versions, unfortunately.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
