On Thu, Feb 11, 2010 at 4:38 PM, geoffroy desvernay <[email protected]> wrote:
> Albert Shih wrote:
>> Hi all,
>>
>> I've a problem with route-to.
>>
>> I've a server with 2 interfaces, and I'm running jail on this server. Each
>> interface has its own public IP address.
>>
>> eth0 -- IP0
>> eth1 -- IP1
>>
>> and I've a default route (for example in IP0 subnet).
>>
>> So if the jail is in the IP0 subnet, no problem, everything works.
>>
>> Now if I put a jail in IP1 subnet, and some client tries to connect to this
>> jail, the answer comes out through eth0 because of the default route (suppose
>> the client is not on my subnet).
>>
>> I don't want that. I want the answer to come out through eth1.
>>
>> I'm trying to use pf to do that and put in my pf.conf something like
>>
>> pass in all
>> pass out all
>> pass out on eth0 route-to {(eth0 IP0_Gateway)} from <IP0> to ! IP0_subnet
>> pass out on eth1 route-to {(eth1 IP1_Gateway)} from <IP1> to ! IP1_subnet
>>
>> but it's not working; if I run a tcpdump on the host I can see the
>> incoming packet come in from eth1 and the outgoing come out on eth0.
>>
>> And if I try to remove the default route, the outgoing packet doesn't come out....
>>
>> Any help?
>>
>> Regards.
>>
>>
> Hi,
>
> I'm using that for the same case:
>
> You just have to catch packets on the interface they would go normally:
>
> pass out on *eth0* route-to {(eth1 IP1_Gateway)} from <IP1> to !eth1:network
>
> The other rule is not needed in this case
>
> You may also try instead a 'reply-to' rule on eth1's inbound, as David
> DeSimone suggested.
>
> A third and cleaner solution would be to use multiple routing-tables -
> see setfib(1) and 'options ROUTETABLES' of the kernel...

I have searched the net high and low and I cannot find any good examples on how to use multiple routing tables. I agree that it would be cleaner. Do you have an example of how to do this? If anyone has links to examples for multiple routing tables, post them please.

Sam Fourman Jr.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
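
The two pf approaches suggested in the quoted reply, written out as one pf.conf fragment next to the rule from the original question. This is an added example, not part of the thread; the interface names, RFC 5737 addresses and macro names are constructed placeholders standing in for eth0/eth1, IP1 and IP1_Gateway.

```conf
# Constructed values: substitute your own interfaces and addresses.
if0   = "em0"             # interface holding the default route (IP0 subnet)
if1   = "em1"             # second interface (IP1 subnet)
gw1   = "198.51.100.1"    # IP1_Gateway (assumed address)
jail1 = "198.51.100.10"   # jail address in the IP1 subnet (assumed address)

# Rule from the original question, kept commented out for comparison.
# The routing table has already chosen $if0 for these packets when pf
# evaluates them outbound, so a rule bound to "out on $if1" never sees them.
# pass out on $if1 route-to ($if1 $gw1) from $jail1 to ! $if1:network

# Approach 1: route-to, matched on the interface the default route selects.
# Packets sourced from the jail address that would leave via $if0 are
# redirected to $gw1 through $if1. This is the rule that creates state for
# connections the jail opens itself.
pass out on $if0 route-to ($if1 $gw1) from $jail1 to ! $if1:network keep state

# Approach 2: reply-to on the inbound side of $if1.
# The state created when a remote client connects to the jail records
# ($if1 $gw1), so replies on that connection return through $gw1 instead
# of following the default route. Hosts on the local subnet are excluded
# because their replies do not need a gateway.
pass in on $if1 reply-to ($if1 $gw1) from ! $if1:network to $jail1 keep state
```

After loading, `pfctl -sr` shows the expanded rules, and a tcpdump on each interface, as in the original question, confirms which one the replies leave on.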
