Date:      Fri, 5 Aug 2016 08:42:46 +0300
From:      Max <maximos@als.nnov.ru>
To:        freebsd-pf@freebsd.org
Subject:   Re: wan1 as default, wan2 dedicated to a service
Message-ID:  <3b256072-c7a5-8be7-dca0-0faf853e5432@als.nnov.ru>
In-Reply-To: <20160805030555.53101@relay.ibs.dn.ua>
References:  <20160805030555.53101@relay.ibs.dn.ua>

Hello, Zeus.

Probably you should use
pass out log on $if_dvr reply-to ($if_wan2 $gw_wan2) to <dvr>
or
pass out log on $if_wan1 route-to ($if_wan2 $gw_wan2) from ($if_wan2)
or both rules.

Please check your state table and routing table.

05.08.2016 3:05, Zeus Panchenko wrote:
> hi,
> I need trivial thing but wondering where am I wrong ... :(
> help please
>
> I have two WAN interfaces: wan1 and wan2
> wan1 is default route interface, wan2 is dedicated for DVR (video)
>
> I'm trying to direct all output from DVR to wan2 (here I do not care
> where a request to DVR came from, I want all replies to go out through wan2)
>
> so, I hoped to do that with this pf.config
>
> ---[ start ]------------------------------------------------------------
> if_wan1 = "em0"
> if_wan2 = "igb0" # ip address A.B.C.D
> gw_wan2 = "E.F.G.H"
> if_dvr="vlan123"
> table <dvr> const { 10.0.0.0/24 }
> # redirect all requests on wan2 to DVR host1
> rdr pass on $if_wan2 proto { tcp, udp } to ($if_wan2) port 1234 -> 10.0.0.1 port 5678
> nat log on $if_wan2 from <dvr> to any -> ($if_wan2)
> ...
> pass in log on $if_dvr route-to ($if_wan2 $gw_wan2) from <dvr> to any keep state
> ---[ stop  ]------------------------------------------------------------
>
> as a result,
> I see requests from world on $if_wan2
> I see redirects of the requests, out packets on $if_dvr
> I see replies to the requests, in packets on $if_dvr
> but I see ($if_wan2) sourced replies, and I see them on *$if_wan1*
>
> so, as I understand ... route-to works, otherwise replies wouldn't be
> from ($if_wan2)
>
> but NATed replies appear on $if_wan1, which is the default route ... so
> ... how can I have replies go out through $if_wan2? is it a question of
> the second routing table?
>
> please, advise
