Message-Id: <200703110138.l2B1c7ZO021023@www.freebsd.org>
Date: Sun, 11 Mar 2007 01:38:07 GMT
From: Dmitro Tarasyuk
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/110174: pf pass route-to does not assign correct IP for the packets created on the same pf-host

>Number: 110174
>Category: kern
>Synopsis: pf pass route-to does not assign correct IP for the packets created on the same pf-host
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 11 01:40:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Dmitro Tarasyuk
>Release: 6.2
>Organization: NDIASB
>Environment:
FreeBSD ndiasb.kiev.ua 6.2-STABLE FreeBSD 6.2-STABLE #2: Tue Feb 20 16:08:32 EET 2007 su@ndiasb.kiev.ua:/usr/src/sys/i386/compile/NDIASB i386
>Description:
FreeBSD was installed as a NAT server and transparent Squid proxy server for the local network, with 3 interfaces: one for the LAN, and $if1 and $if2 for ISP1 and ISP2. The default route is assigned to $if1_gw. The rules in pf.conf below have to provide traffic splitting through the table "xnets".

table <xnets> persist ..
pass out quick log on $if1 fastroute inet from $if1 to <xnets> keep state
pass out quick log on $if1 route-to ( $if2 $if2_gw ) inet from $if1 to ! <xnets> keep state

It means I want to route packets _created_on_the_same_server_ where pf works through the $if2 interface if the destination IP does not belong to the table "xnets". Otherwise they have to be routed in the standard way and must go through $if1 as default. If a packet is created on the local server without an assigned source IP address (a widespread case), the system has to assign the source IP in compliance with the routing table.
When this packet satisfies the route-to rule above, obviously pf has to change the source IP to the IP of $if2, not $if1. But tcpdump shows that it is wrong. I think this is a bug.
>How-To-Repeat:
Always
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
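
A check for reproducing the observation above from a capture taken on $if2, as an added example that is not part of the original report: it flags packets that leave $if2 while still carrying the $if1 source address. The addresses, the <xnets> contents and the capture lines are constructed, and the `tcpdump -n` line layout is an assumption.

```python
import ipaddress
import re

# Constructed values (documentation address ranges), not from the report.
IF1_ADDR = ipaddress.ip_address("192.0.2.10")      # address on $if1 (ISP1)
IF2_ADDR = ipaddress.ip_address("198.51.100.10")   # address on $if2 (ISP2)
XNETS = [ipaddress.ip_network("203.0.113.0/25")]   # contents of table <xnets>

# Constructed `tcpdump -n -i $if2` lines: TCP with ports, ICMP without, ARP.
CAPTURE_IF2 = """\
01:38:07.100001 IP 192.0.2.10.51234 > 203.0.113.200.80: S 1:1(0) win 65535
01:38:07.200002 IP 198.51.100.10.51300 > 203.0.113.200.443: S 5:5(0) win 65535
01:38:07.300003 IP 192.0.2.10 > 203.0.113.201: ICMP echo request, id 1, seq 0, length 64
01:38:07.400004 arp who-has 198.51.100.1 tell 198.51.100.10
"""

LINE = re.compile(r"\sIP (\S+) > (\S+?):")


def host(token):
    """Strip the trailing .port that tcpdump appends to TCP/UDP endpoints."""
    return ipaddress.ip_address(".".join(token.split(".")[:4]))


def audit_if2(capture):
    """Classify each IPv4 packet seen leaving $if2 against the pf.conf policy."""
    findings = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6 and other non-IPv4 lines
        src, dst = host(m.group(1)), host(m.group(2))
        if any(dst in net for net in XNETS):
            verdict = "unexpected: <xnets> destination on $if2"
        elif src == IF2_ADDR:
            verdict = "ok"
        elif src == IF1_ADDR:
            verdict = "reported: route-to kept $if1 source"
        else:
            verdict = "other source"
        findings.append((str(src), str(dst), verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_if2(CAPTURE_IF2):
        print(*finding, sep="  ")
```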