On Mon, Apr 03, 2023 at 10:53:26AM +0100, Kaya Saman wrote:
> Hey guys,
> 

...

> Taking an excerpt from the website I was following:
> 
> https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/
> 
> Citing:
> 
> Creating a loopback interface in rdomain 2 so that Host 1 can talk to Host 2
> would look like:
> 
> ifconfig lo2 rdomain 2 127.0.0.1
> route -T 2 add 192.168.1/24 127.0.0.1
> Since lo2 is created inside rdomain 2, the IP address assigned to it doesn't
> conflict with lo0 in rdomain 0.
> 
> 
> Sure I can see traffic inside one of the loopbacks and tcpdump does claim
> "pass out" but then nothing else happens. The other loopback interfaces have
> no traffic in them and the destination network has no traffic either.

This is very much expected since you probably did not carefully read the
cited website.

You need a special pf.conf setup to make that work. One caveat
mentioned in the article is that the default pf.conf ruleset skips lo(4)
interfaces and so the traffic will just be dropped (since there is no
state lookup and so no way to bounce the reverse traffic back into the
other rdomain).

In general I would suggest using pair(4) to route traffic between rdomains.
Doing it in pf(4) gives you more control but it requires careful handling
of the rulesets (as you noticed).

-- 
:wq Claudio

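The pair(4) approach suggested above, as an added example that is not part of the original message. The interface units, rdomain ids and 10.99.0.0/30 link addresses are constructed, and it assumes 192.168.1/24 from the quoted article is reachable from rdomain 1.

```sh
#!/bin/sh
# Added example: join two rdomains with a patched pair(4) instead of lo(4).
# RUN=echo (default) only prints the commands; RUN=doas applies them on OpenBSD.
RUN=${RUN:-echo}

# link_rdomains <ifA> <rdomainA> <addrA/len> <ifB> <rdomainB> <addrB/len>
link_rdomains() {
    [ $# -eq 6 ] || { echo "usage: link_rdomains ifA rdA addrA ifB rdB addrB" >&2; return 2; }
    ifa=$1 rda=$2 addra=$3 ifb=$4 rdb=$5 addrb=$6
    for ifn in "$ifa" "$ifb"; do
        case $ifn in
            pair[0-9]*) ;;
            *) echo "not a pair(4) interface: $ifn" >&2; return 2 ;;
        esac
    done
    for rd in "$rda" "$rdb"; do
        case $rd in
            ''|*[!0-9]*) echo "rdomain must be numeric: $rd" >&2; return 2 ;;
        esac
        [ "$rd" -le 255 ] || { echo "rdomain out of range: $rd" >&2; return 2; }
    done
    # Both ends in one rdomain (or one interface twice) crosses no boundary.
    [ "$rda" -ne "$rdb" ] || { echo "rdomains must differ" >&2; return 2; }
    [ "$ifa" != "$ifb" ] || { echo "pair interfaces must differ" >&2; return 2; }
    $RUN ifconfig "$ifa" rdomain "$rda" "$addra" up &&
    $RUN ifconfig "$ifb" rdomain "$rdb" "$addrb" up &&
    $RUN ifconfig "$ifa" patch "$ifb"
}

# route_via <rdomain> <destination> <gateway>: same route(8) form as the quoted article
route_via() {
    $RUN route -T "$1" add "$2" "$3"
}

# Constructed values: pair1/pair2, rdomains 1 and 2, link net 10.99.0.0/30.
link_rdomains pair1 1 10.99.0.1/30 pair2 2 10.99.0.2/30
# Assumption: 192.168.1/24 is reachable from rdomain 1; the reverse route in
# rdomain 1 (toward rdomain 2's networks via 10.99.0.2) is needed as well.
route_via 2 192.168.1/24 10.99.0.1
```

Since pair(4) interfaces are not lo(4), the skip that the reply mentions does not cover them, so pf keeps state for this traffic and the rules for each pair interface can be written per rdomain.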