dane johansen wrote:
Probably you run into this situation:
client (10.0.5.233) -> firewall (10.0.5.200) -> rdr -> server (10.0.5.81)
Now the server sees that the packet came in from the same subnet and replies
directly to the client, which does not expect a reply from 10.0.5.81; it
expects the reply from 10.0.5.200.
You may want to read this:
http://www.openbsd.org/faq/pf/rdr.html#reflect
I figured out what the problem is/was and the document you referenced
helped me figure it out.
Basically my network is something like this:

Internet <--> ext_if <--> Machine <--> vlan1/carp1 (10.0.1.0/24)
                            |
                          vlan50/carp50 (10.0.5.0/24)
I was basically trying to get clients from vlan1 to load balance across
machines on vlan50. Initially I had:

rdr pass on vlan50 proto tcp to 10.0.5.200 port $ports_web -> 10.0.5.81

This doesn't work since traffic coming from 10.0.1.0 never hits interface
vlan50. I had to put an rdr on the interface the traffic was coming in on,
e.g. vlan1, so the correct working configuration is:

rdr pass on vlan1 proto tcp to 10.0.5.200 port $ports_web -> 10.0.5.81
Thanks,
Vladimir
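For readers hitting the same thing, here is an added pf.conf fragment (not Vladimir's or dane's configuration) that puts the two points of this thread together: rdr is matched on the interface a packet arrives on, so clients on vlan1 need the rule on vlan1, and clients that sit on the servers' own subnet (vlan50) additionally need the reflection NAT from the linked FAQ so replies go back through the firewall. The second server address, the round-robin pool and the interface names are assumptions for illustration; the syntax is the pre-4.7 rdr/nat syntax used in the thread.

```pf
# Assumed macros; only 10.0.5.200, 10.0.5.81 and $ports_web appear in the thread.
ports_web   = "{ 80, 443 }"
web_servers = "{ 10.0.5.81, 10.0.5.82 }"   # second server assumed for the pool
lan_net     = "10.0.1.0/24"                # vlan1 clients
srv_net     = "10.0.5.0/24"                # vlan50, where the servers live

# Clients on vlan1: their packets enter the firewall on vlan1, so the
# redirect must be evaluated there, not on vlan50 where the servers sit.
rdr pass on vlan1 proto tcp from $lan_net to 10.0.5.200 port $ports_web \
    -> $web_servers round-robin sticky-address

# Clients on vlan50 itself (same subnet as the servers): redirect on the
# inbound interface as above, and also source-NAT them to the firewall's
# vlan50 address so the server's reply returns via the firewall instead of
# going straight back to the client (the "reflection" case in the pf FAQ).
rdr pass on vlan50 proto tcp from $srv_net to 10.0.5.200 port $ports_web \
    -> $web_servers round-robin sticky-address
nat on vlan50 proto tcp from $srv_net to $web_servers port $ports_web \
    -> 10.0.5.200

# Quick checks after loading:
#   pfctl -nf /etc/pf.conf      syntax check
#   pfctl -sn                   show the active rdr/nat rules
#   pfctl -ss | grep 10.0.5.200 confirm states are created for both client nets
```

Clients on vlan1 are not on the servers' subnet, so they do not need the nat line; it is only the vlan50 clients whose replies would otherwise bypass the firewall.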