Date:      Mon, 10 Aug 2009 22:12:03 +0200
From:      "Jan Aage Knutsen" <amig@amig.no>
To:        <freebsd-questions@freebsd.org>
Subject:   Route outgoing traffic on jail
Message-ID:  <000901ca19f6$d3da2aa0$7b8e7fe0$@no>

Hi,

I'm trying to route the outgoing traffic from a jail through another gw than
the default one set on host with pf.

The host is using internal address 192.168.10.5 and the default route is to
192.168.10.1, which is a dsl line.

The jail is using a public ip that is on a fiber line where the gw is at
the isp and not in my place. I got a /29 from them. I want this jail to use
the isp gw and not the default route.

So far I managed to get the reply-to rule to work. So traffic originating
from inet to jail works. But the inet traffic originating from the jail
still goes through the default route.

I'm also using trunking on the interface and have multiple vlans on it. And
the vlan traffic works fine. I can ping the isp1 gw from host etc.

Here is my pf config.

###############
#  Variables  #
###############
if_isp1="vlan2"
if_isp2="vlan1"
gw1="x.x.x.1"
gw2="192.168.21.1"
jail_ip="x.x.x.30"

###############
#    Rules    #
###############
#routing for isp1
pass in on $if_isp1 reply-to (vlan2 $gw1) from any to any keep state  # <- this is the rule that works..
pass out on $if_isp1  route-to ($if_isp1 $gw1 ) from $jail_ip to any  # <- tried to mess around with this rule,

Any good ideas out there? I'm also running 8.0, FYI.

Regards

Jan Aage



