i'd really appreciate any help on this topic to understand what's going on. from my understanding packets received on enc0 create the state, and after some rdomain handling via pf return traffic should also leave on enc0, so the state matches.
i can see via tcpdump packets on enc0 -> rdomain 15 -> $ntp reached and return traffic $ntp -> rdomain 10 -> but nothing leaves via enc0 again

thanks for any help

2016-05-18 21:30 GMT+02:00 utob <[email protected]>:
> hi,
>
> i'm using a carp+vlan+trunk setup and isakmpd.
> after migrating to rdomains, i've planned to have $ext_if
> and isakmpd+enc0 in different rdomains, but that didn't
> work out, as nothing would listen on $ext_if:500 then.
>
> the main thing is, that communication via enc0 is only
> possible if i drop the (if-bound) option.
>
> # not able to reach ntp
> pass in on enc0 proto udp from $remote to $ntp \
>     port 123 keep state (if-bound) rtable 15
>
> # works
> pass in on enc0 proto udp from $remote to $ntp \
>     port 123 rtable 15
>
> i'd like to understand the technical reason (or what
> to change if needed) why you cannot use if-bound with
> rdomains.
>
> thanks

