Date:      Sun, 25 Nov 2012 18:20:34 +0600
From:      Shaymardanov Rushan <rush.ru@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   Problem with route-to option
Message-ID:  <CANUjZsN_3Q498PcLU5T4e_S9JW3iuodHrrTHjrEmeGWeLAK_Zw@mail.gmail.com>

Hello. I have a problem using pf in FreeBSD 9.0.
I'm using a FreeBSD box as a gateway and I have 2 ISPs. I'd like to route some
clients via the second provider and I'm using pf's route-to function for it:

( ... )
nat on ng0 inet from 172.18.100.254 to any -> xx.xx.xx.157
(...)
pass in route-to (ng0 10.0.0.1) inet  from 172.18.100.254 to any tag SUBS
(...)

Packets are routed correctly (via ng0), and nat works well, but IP checksum
is bad and I don't receive any response:

gw# tcpdump -i ng0 -s 0 -v -n icmp
tcpdump: listening on ng0, link-type NULL (BSD loopback), capture size
65535 bytes
18:11:54.456027 IP (tos 0x0, ttl 128, id 218, offset 0, flags [none], proto
ICMP (1), length 60, bad cksum 9390 (->9093)!)
    xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 171, length 40
18:11:59.480968 IP (tos 0x0, ttl 128, id 219, offset 0, flags [none], proto
ICMP (1), length 60, bad cksum 9290 (->9092)!)
    xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 172, length 40
18:12:04.506907 IP (tos 0x0, ttl 128, id 220, offset 0, flags [none], proto
ICMP (1), length 60, bad cksum 9190 (->9091)!)
    xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 173, length 40

Without route-to (if, for example, I change the routing table for a particular
destination address), checksums are good and traffic passes correctly.


Rushan Shaymardanov
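
Added example, not part of the original message: in each tcpdump line above, the reported checksum is the expected one with its two bytes exchanged (9390 vs. 9093). The Python sketch below extracts those pairs from `tcpdump -v` output and tests for that pattern, and `check_header` applies the same test to a raw IPv4 header; all function names are this example's own.

```python
import re

# tcpdump -v reports a failed IPv4 header checksum as "bad cksum <seen> (-><expected>)!"
# (hex). Anchoring on "ttl N, id" keeps the ICMP echo "id 3993" from being read as the IP id.
BAD_CKSUM = re.compile(r"ttl \d+, id (\d+),.*?bad cksum ([0-9a-f]+) \(->([0-9a-f]+)\)!", re.S)

# Sample input: the three packets from the capture in the message above, wrapping included.
CAPTURE = """\
18:11:54.456027 IP (tos 0x0, ttl 128, id 218, offset 0, flags [none], proto
ICMP (1), length 60, bad cksum 9390 (->9093)!)
    xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 171, length 40
18:11:59.480968 IP (tos 0x0, ttl 128, id 219, offset 0, flags [none], proto
ICMP (1), length 60, bad cksum 9290 (->9092)!)
    xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 172, length 40
18:12:04.506907 IP (tos 0x0, ttl 128, id 220, offset 0, flags [none], proto
ICMP (1), length 60, bad cksum 9190 (->9091)!)
    xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 173, length 40
"""

def swap16(value):
    """Exchange the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)

def classify_capture(text):
    """Return (ip_id, seen, expected, is_byte_swapped) for each bad-checksum packet."""
    rows = []
    for ip_id, seen, expected in BAD_CKSUM.findall(text):
        seen, expected = int(seen, 16), int(expected, 16)
        rows.append((int(ip_id), seen, expected, swap16(seen) == expected))
    return rows

def ipv4_checksum(header):
    """RFC 1071 checksum of an IPv4 header; the stored checksum (bytes 10-11) is ignored."""
    data = header[:10] + b"\x00\x00" + header[12:]
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_header(header):
    """Classify a raw header's stored checksum as 'ok', 'byte-swapped' or 'bad'."""
    stored = int.from_bytes(header[10:12], "big")
    good = ipv4_checksum(header)
    if stored == good:
        return "ok"
    return "byte-swapped" if swap16(stored) == good else "bad"

if __name__ == "__main__":
    for row in classify_capture(CAPTURE):
        print("id %d: seen %04x expected %04x swapped=%s" % row)
```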


