From: Stefan
Date: Fri, 05 Feb 2010 14:56:31 +0200
To: freebsd-pf@freebsd.org
Subject: Re: How make the route-to working ?

Hi

Pf doesn't seem to be able to route packets on the outbound interface.
Therefore you have to always put the route-to statements on "pass in on..." rules.

I don't have experience setting up pf in a server environment, but I believe that rdr rules are normally used for what you are trying to achieve...

Regards,
Stefan

On 2010-02-05 14:32, Albert Shih wrote:
> Hi all,
>
> I've a problem with route-to.
>
> I've a server with 2 interfaces, and I'm running jail on this server. Each
> interface has its own public IP address.
>
> eth0 -- IP0 eth1 -- IP1
>
> and I've a default route (for example in IP0 subnet).
>
> So if the jail is in the IP0 subnet no problem everything works.
>
> Now if I put a jail in IP1 subnet, and some client tries to connect to this
> jail the answer comes out through eth0 because of the default route (suppose
> the client is not on my subnet).
>
> I don't want that.
> I want the answer to come out through eth1.
>
> I'm trying to use pf to do that and put in my pf.conf something like
>
> pass in all
> pass out all
> pass out on eth0 route-to {(eth0 IP0_Gateway)} from to ! IP0_subnet
> pass out on eth1 route-to {(eth1 IP1_Gateway)} from to ! IP1_subnet
>
> but it's not working, if I run a tcpdump on the host I can see the
> incoming packet come in from eth1 and the outgoing come out on eth0.
>
> And if I try to remove the default route the outgoing packets don't come out....
>
> Any help ?
>
> Regards.
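
An added example, not written by either poster: pf.conf(5) documents `reply-to` for symmetric routing on hosts with several external connections, and it goes on the inbound, state-creating rule, which is where Stefan suggests putting policy routing. The interface names, the jail address, the gateway and the subnet (RFC 5737 documentation range) below are constructed placeholders, not values from the thread.

```pf
# Constructed placeholders: substitute the real interface, gateway and jail address.
if1   = "em1"               # second interface (the "eth1" of the question)
gw1   = "198.51.100.1"      # gateway of the IP1 subnet ("IP1_Gateway")
net1  = "198.51.100.0/24"   # the IP1 subnet
jail1 = "198.51.100.10"     # jail address inside the IP1 subnet

# Clients inside the IP1 subnet are on-link: replies need no gateway,
# so match them first and stop rule evaluation with "quick".
pass in quick on $if1 inet from $net1 to $jail1 keep state

# Clients from anywhere else that arrive on if1: the state created by this
# rule carries the reply-to target, so replies leave through if1 via gw1
# instead of following the default route on the other interface.
# reply-to is only meaningful on rules that create state.
pass in quick on $if1 reply-to ($if1 $gw1) inet from any to $jail1 keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it, then repeat the tcpdump check from the original message on both interfaces to confirm the replies now leave on the second one.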