Stefan <[email protected]> wrote on 26 Jan 2010 12:02:
> I've googled this one to bits and pulled out quite a lot of hair:
> Basically I need a way to route, using "route-to" filter rules, the
> traffic originating on the FreeBSD router itself. The problem with doing
> this is that pf only sees the packets on their way out, when an outbound
> interface has already been chosen by the routing tables. Therefore pf's
> route-to rules have no effect on locally originating traffic.

I always had some trouble with this approach. I used rules like

  nat inet from any to xxx port yyy tag IF2 -> $myaddr
  pass out quick on $iface from $myaddr to any tag IF2
  pass out quick on $defaultinterface route-to ($iface $hisaddr) tagged IF2

Now I'm using an associated FIB (setfib(8)) for desired processes and it
works very well without any trouble. Routed traffic is also assigned to
the fib with pf's "rtable" option.

Frank

-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
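
A sketch of the FIB-based setup described in the reply above, added here as an example and not taken from the original message. The interface names, the daemon path, FIB number 1 and all addresses (documentation ranges) are constructed assumptions.

```conf
# --- Host side (run as root; shown as comments, not pf.conf syntax) ---
# 1. Make a second routing table available, either with the kernel
#    option "options ROUTETABLES=2" or the loader tunable in
#    /boot/loader.conf:
#        net.fibs=2
# 2. Give FIB 1 its own default route via the second uplink. The
#    gateway's subnet must have a connected route in FIB 1:
#        setfib 1 route add default 198.51.100.1
# 3. Start the locally running process that should use the second
#    uplink inside FIB 1 (hypothetical daemon path):
#        setfib 1 /usr/local/sbin/exampled
#    Its outbound interface is now chosen from FIB 1 before pf ever
#    sees the packet, so no route-to rule is needed for local traffic.
# 4. Check what each table contains:
#        setfib 0 netstat -rn
#        setfib 1 netstat -rn

# --- pf.conf fragment for forwarded (routed) traffic ---
int_if   = "em0"              # assumed LAN-facing interface
ext2_if  = "em1"              # assumed second uplink interface
lan_net  = "192.0.2.0/24"     # constructed LAN prefix
ext2_ip  = "198.51.100.10"    # constructed address on the second uplink

# Translate LAN traffic that leaves through the second uplink.
nat on $ext2_if inet from $lan_net to any -> $ext2_ip

# rtable only takes effect before the route lookup, i.e. on inbound
# rules, so the FIB is selected where the LAN traffic enters the router.
pass in on $int_if inet from $lan_net to any rtable 1

# Allow the resulting outbound flows on the second uplink.
pass out on $ext2_if inet from $ext2_ip to any
```

Traffic matched by the rtable rule and processes started under setfib 1 share the same routing table, so both follow the default route installed in step 2.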
