Date:      Sat, 29 Oct 2016 10:14:53 +0000
From:      James Morris <jamesmorris8@outlook.com>
To:        Patrick Lamaiziere <patrick@davenulle.org>
Cc:        "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   Re: Forcing a route using pf
Message-ID:  <BM1PR01MB0209989640A31E056B4B75F68CAC0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <20161028132154.5a094476@mr185083>
References:  <BM1PR01MB020932CF4F49E57B708182A58CAA0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM> <20161027140324.GH51420@home.opsec.eu> <BM1PR01MB0209A82FCDD79E7FB9616B798CAA0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM> <20161027142417.GI51420@home.opsec.eu> <BM1PR01MB02099B2E0C2201991837E7EA8CAA0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM>, <20161028132154.5a094476@mr185083>

Hi,

I added the pf rule:

pass out on igb1 route-to ( igb0 10.0.0.1 ) from any to 10.10.10.100

But now when I try to reach 10.10.10.100 traffic goes out igb0 as expected,
but it has the source IP of igb1.

# ping 10.10.10.100

# tshark -i igb0
Capturing on 'igb0'
  1   0.000000 10.10.10.10 -> 10.10.10.100  ICMP 98 Echo (ping) request  id=0xb403, seq=0/0, ttl=64
  2   0.001509 RealtekU_12:35:02 -> Broadcast    ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
  3   1.020896 10.10.10.10 -> 10.10.10.100  ICMP 98 Echo (ping) request  id=0xb403, seq=1/256, ttl=64
  4   1.022268 RealtekU_12:35:02 -> Broadcast    ARP 60 Who has 10.10.10.10? Tell 10.0.0.1


Traffic is flowing out the correct interface, but has the wrong source IP address.

What am I doing wrong here?

Thanks,

James



From: Patrick Lamaiziere <patrick@davenulle.org>
Sent: 28 October 2016 11:21
To: James Morris
Cc: freebsd-pf@freebsd.org
Subject: Re: Forcing a route using pf
On Thu, 27 Oct 2016 19:23:38 +0000,
James Morris <jamesmorris8@outlook.com> wrote:

Hi,

Hello,

>
> While this does solve the issue of pushing traffic through igb0,
> however any incoming connections to igb1 from server B also get shunted
> out igb0.
>
> I was wondering if there is a way to do this in pf.

see PF route-to option.

Regards,


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BM1PR01MB0209989640A31E056B4B75F68CAC0>
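
As an added example (not part of the original message), this Python script checks a tshark summary like the one in the post for the symptom described: IP frames leaving an interface with a source address outside that interface's subnet, and on-link hosts ARPing for that address. The 10.0.0.0/24 subnet for igb0 and all function names are assumptions; the capture lines are the ones from the post.

```python
import ipaddress
import re

# Assumption: igb0 is on 10.0.0.0/24; the post only shows its gateway, 10.0.0.1.
EGRESS_NET = ipaddress.ip_network("10.0.0.0/24")

# The capture lines from the post (tshark one-line summaries).
CAPTURE = """\
  1   0.000000 10.10.10.10 -> 10.10.10.100  ICMP 98 Echo (ping) request  id=0xb403, seq=0/0, ttl=64
  2   0.001509 RealtekU_12:35:02 -> Broadcast    ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
  3   1.020896 10.10.10.10 -> 10.10.10.100  ICMP 98 Echo (ping) request  id=0xb403, seq=1/256, ttl=64
  4   1.022268 RealtekU_12:35:02 -> Broadcast    ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
"""

LINE = re.compile(r"^\s*(\d+)\s+[\d.]+\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\d+\s+(.*)$")
ARP = re.compile(r"Who has (\S+?)\? Tell (\S+)")

def frames(capture):
    """Yield (frame_no, src, dst, proto, info) for each tshark summary line."""
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            no, src, dst, proto, info = m.groups()
            yield int(no), src, dst, proto, info

def off_link_sources(capture, net=EGRESS_NET):
    """IP frames seen on the interface whose source address is outside its subnet."""
    hits = []
    for no, src, dst, proto, _ in frames(capture):
        if proto == "ARP":
            continue  # ARP lines show MAC names, not IP addresses
        try:
            if ipaddress.ip_address(src) not in net:
                hits.append((no, src, dst))
        except ValueError:
            continue  # source column is not an IP address
    return hits

def arp_for_off_link(capture, net=EGRESS_NET):
    """ARP requests where an on-link host asks for an address outside the subnet."""
    hits = []
    for no, _, _, proto, info in frames(capture):
        m = ARP.search(info) if proto == "ARP" else None
        if m and ipaddress.ip_address(m.group(2)) in net \
                and ipaddress.ip_address(m.group(1)) not in net:
            hits.append((no, m.group(2), m.group(1)))  # (frame, asker, target)
    return hits

if __name__ == "__main__":
    print("off-link sources:", off_link_sources(CAPTURE))
    print("ARP for off-link:", arp_for_off_link(CAPTURE))
```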