Date:      Tue, 02 Feb 2010 19:54:29 +0200
From:      Stefan <stefanferreira@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   route-to on lo0 not working?
Message-ID:  <4B6866D5.4060405@gmail.com>

Hi

In my quest to route traffic originating on the FreeBSD machine, I've 
managed to loop back outbound traffic via lo0 so that I can try and 
route it inbound on lo0 (pf can't apply route-to logic to outbound 
traffic; by then it's too late to try and route it over a different 
interface).

The loopback works when I switch off skip on lo0, and pass all lo0 
traffic, so that traffic is definitely processed by pf. I also know the 
looping works, because when I try to ping an outside IP, I get a 
response that the TTL has been exceeded, and traceroute shows repeating 
entries of 127.0.0.1 (in other words, the packets just loop back through 
the pf box repeatedly till their TTL is exceeded).

The problem is the moment I change my rule to try and route the inbound 
traffic on lo0, the packets just seem to go nowhere. They are not routed 
correctly and I can't tell what happens to them. In the ruleset below, 
enabling the second rule results in the packets looping back to the pf 
box repeatedly, and the first rule results in the packets 
"disappearing". The only difference is the route-to statement, which 
works for all traffic originating elsewhere on the lan.

#pass in quick on lo0 route-to (adsl-int0 196.210.140.129) from any to ! $IPs_LAN $KEEPSTATE $ALTQ_DEFAULT label zSA_Local tag zSA_Local
#pass in quick on lo0 from any to ! $IPs_LAN $KEEPSTATE $ALTQ_DEFAULT label zSA_Local tag zSA_Local
pass out quick all $KEEPSTATE tagged zSA_Local
pass quick on lo0

Please help! I really need to route traffic originating on the pf box 
via pf, and not via rtables!
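Added example (not the poster's pf.conf): the two lo0 variants from the post on one line each, with `log` added so that pflog0 shows whether the looped-back packet matched at all, plus the pfctl checks that tell a matched-but-vanished packet apart from an unmatched one. The LAN range and `keep state` (for $KEEPSTATE) are assumptions; $ALTQ_DEFAULT is left out because the post does not define it.

```pf
# Assumed macro values (constructed; the post only names the interface and gateway).
ext_if  = "adsl-int0"
ext_gw  = "196.210.140.129"
IPs_LAN = "{ 192.168.1.0/24 }"        # stand-in for the poster's $IPs_LAN

# lo0 must not appear in any `set skip on` list, as the post already notes.

# Variant A: route-to on the looped-back packets (the one whose packets "disappear").
pass in log quick on lo0 route-to ($ext_if $ext_gw) from any to ! $IPs_LAN keep state tag zSA_Local

# Variant B: identical match without route-to (the one that loops until TTL expires).
# pass in log quick on lo0 from any to ! $IPs_LAN keep state tag zSA_Local

pass out log quick all keep state tagged zSA_Local
pass quick on lo0

# Checks after loading, to see where the packet goes:
#   pfctl -nf /etc/pf.conf            syntax check without loading
#   pfctl -s rules -v                 Evaluations/Packets counters for each rule above
#   pfctl -s state | grep lo0         whether the lo0 rule created a state
#   tcpdump -n -e -ttt -i pflog0      which rule each logged packet matched, and in which direction
```

If the route-to rule's Packets counter rises and pflog0 shows the match but no `pass out` entry follows, the packet was accepted on lo0 and lost afterwards; if the counter stays at zero, the rule never matched.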

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B6866D5.4060405>