Hi
Pf doesn't seem to be able to route packets on the outbound interface.
Therefore you have to always put the route-to statements on "pass in
on..." rules.
I don't have experience setting up pf in a server environment, but I
believe that rdr rules are normally used for what you are trying to
achieve...
Regards,
Stefan
On 2010-02-05 14:32, Albert Shih wrote:
Hi all,
I've a problem with route-to.
I've a server with 2 interfaces, and I'm running a jail on this server. Each
interface has its own public IP address.
eth0 -- IP0 eth1 -- IP1
and I've a default route (for example in IP0 subnet).
So if the jail is in the IP0 subnet, no problem, everything works.
Now if I put a jail in the IP1 subnet, and some client tries to connect to this
jail, the answer comes out through eth0 because of the default route (suppose
the client is not on my subnet).
I don't want that. I want the answer to come out through eth1.
I'm trying to use pf to do that and put in my pf.conf something like:
pass in all
pass out all
pass out on eth0 route-to {(eth0 IP0_Gateway)} from <IP0> to ! IP0_subnet
pass out on eth1 route-to {(eth1 IP1_Gateway)} from <IP1> to ! IP1_subnet
but it's not working. If I run a tcpdump on the host I can see the
incoming packets come in from eth1 and the outgoing ones come out on eth0.
And if I try to remove the default route, the outgoing packets don't come out....
Any help?
Regards.