Date: Mon, 23 Oct 2006 18:49:35 -0200
From: "Aristeu Gil Alves Jr" <aristeu.jr@gmail.com>
To: freebsd-pf@freebsd.org
Subject: reply-to+synproxy versus default route
Message-ID: <2c84c1de0610231349k1c303ff1ie790d498d3ce47db@mail.gmail.com>
The reply-to is not working when it is used with synproxy.
The scenario is described below:

gw-isp1 and gw-isp2 are the IPs of the ISP 1 and ISP 2 gateways:

/etc/pf.conf
------------------------------------
# Interfaces: two ISP uplinks and the internal network
if_isp1="ed0"
if_isp2="ed1"
if_internal="ed2"

# Per-ISP (interface gateway) pairs used by reply-to
route1="( ed0 gw-isp1 )"
route2="( ed1 gw-isp2 )"

# Redirect inbound SMTP on both uplinks to the internal mail server
rdr on $if_isp1 proto tcp to port 25 -> 192.168.0.2 port 25
rdr on $if_isp2 proto tcp to port 25 -> 192.168.0.2 port 25

block in log all

# Replies should leave through the uplink the connection arrived on
pass in quick on $if_isp1 reply-to $route1 proto tcp to 192.168.0.2 port 25 synproxy state
pass in quick on $if_isp2 reply-to $route2 proto tcp to 192.168.0.2 port 25 synproxy state

pass out quick on $if_internal to 192.168.0.2 port 25 keep state
--------
The default route is the ISP1 gateway.
--------

The problem is that even with pf feeding the route, the reply packet obeys
the route imposed by the system default route.
Ex: A SYN packet comes in on the ISP2 interface and goes out via ISP1,
resulting in communication failure.

When I use keep state instead of synproxy state, the communication goes as
expected.

--
Aristeu Gil Alves Jr
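
A ruleset check for the combination reported in the message above, as an added example that is not part of the original e-mail or of pf itself. It is a simplified line scanner, not the pf.conf grammar; the names `lint` and `logical_lines` are hypothetical, and the route-option finding rests only on the behaviour this message reports.

```python
import re
# Constructed sample based on the message's ruleset; last rule uses an undefined macro.
SAMPLE = r'''
if_isp1="ed0"
if_isp2="ed1"
route1="( ed0 gw-isp1 )"
route2="( ed1 gw-isp2 )"
block in log all
pass in quick on $if_isp1 reply-to $route1 proto tcp \
    to 192.168.0.2 port 25 synproxy state
pass in quick on $if_isp2 reply-to $route2 proto tcp to 192.168.0.2 port 25 keep state
pass in quick on $if_isp2 reply-to $rota2 proto tcp to 192.168.0.2 port 25 keep state
'''

MACRO_DEF = re.compile(r'^([A-Za-z_]\w*)\s*=\s*(.*)$')
MACRO_USE = re.compile(r'\$([A-Za-z_]\w*)')
ROUTE_OPT = re.compile(r'\b(reply-to|route-to)\b')
SYNPROXY = re.compile(r'\bsynproxy\s+state\b')

def logical_lines(text):
    """Yield (first_line_no, rule) with comments removed and '\\' continuations joined."""
    buf, start = '', None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].rstrip()   # simplification: '#' always starts a comment
        start = start or no
        if line.endswith('\\'):
            buf += line[:-1] + ' '
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = '', None

def lint(text):
    """Return [(line_no, message)] for undefined macros and route option + synproxy."""
    macros, findings = {}, []
    for no, line in logical_lines(text):
        m = MACRO_DEF.match(line)
        if m:
            macros[m.group(1)] = m.group(2).strip('"')
            continue
        for name in MACRO_USE.findall(line):
            if name not in macros:
                findings.append((no, f'undefined macro ${name}'))
        # Expand macros first so an option hidden inside a macro is still seen.
        rule = MACRO_USE.sub(lambda u: macros.get(u.group(1), u.group(0)), line)
        if ROUTE_OPT.search(rule) and SYNPROXY.search(rule):
            findings.append((no, 'route option combined with synproxy state'))
    return findings
```

Calling `lint(SAMPLE)` reports the continued rule at its first line and leaves the `keep state` variant unflagged.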