Date: Mon, 26 Nov 2012 20:28:09 +0100 From: =?UTF-8?Q?oerik2011gcarney?= <oerik2011gcarney@o2.pl> To: alex200262@inbox.ru, freebsd-pf@freebsd.org, tycho@ele.uri.edu, printer@eecs.umich.edu Subject: =?UTF-8?Q?***?= Message-ID: <3feff2de.43f3fa30.50b3c2c9.9d9c2@o2.pl>
next in thread | raw e-mail | index | archive | help
i=20made=20the=20starbucks=20guy=20say=20large=20instead=20of=20venti=20I= =20HAVE=20ALREADY=20CONQUERED=20WEDNESDAY=20WHAT=20NOWhttp://ELISABETH.sh= 0rturl.ru/?name-DWIGHT From owner-freebsd-pf@FreeBSD.ORG Wed Nov 28 10:20:26 2012 Return-Path: <owner-freebsd-pf@FreeBSD.ORG> Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 38429DE7 for <freebsd-pf@freebsd.org>; Wed, 28 Nov 2012 10:20:26 +0000 (UTC) (envelope-from a.krivulya@compenta.com.ua) Received: from mail.lissoft.com.ua (mail.compenta.com.ua [217.76.201.83]) by mx1.freebsd.org (Postfix) with ESMTP id D333E8FC26 for <freebsd-pf@freebsd.org>; Wed, 28 Nov 2012 10:20:24 +0000 (UTC) Received: from [10.1.1.131] (helo=thinkpad.it-profi.org.ua) by mail.lissoft.com.ua with esmtpa (Exim 4.77 (FreeBSD)) (envelope-from <a.krivulya@compenta.com.ua>) id 1TdekZ-000DNr-8W for freebsd-pf@freebsd.org; Wed, 28 Nov 2012 12:20:15 +0200 Message-ID: <50B5E55F.9090702@compenta.com.ua> Date: Wed, 28 Nov 2012 12:20:15 +0200 From: Alexandr Krivulya <a.krivulya@compenta.com.ua> User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:16.0) Gecko/20121030 Thunderbird/16.0.2 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Subject: Re: Problem with route-to option References: <CANUjZsN_3Q498PcLU5T4e_S9JW3iuodHrrTHjrEmeGWeLAK_Zw@mail.gmail.com> In-Reply-To: <CANUjZsN_3Q498PcLU5T4e_S9JW3iuodHrrTHjrEmeGWeLAK_Zw@mail.gmail.com> X-Enigmail-Version: 1.4.5 Content-Type: multipart/mixed; boundary="------------020701060208000909030100" X-SA-Exim-Connect-IP: 10.1.1.131 X-SA-Exim-Mail-From: a.krivulya@compenta.com.ua X-SA-Exim-Scanned: No (on mail.lissoft.com.ua); SAEximRunCond expanded to false X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" <freebsd-pf.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>; List-Post: <mailto:freebsd-pf@freebsd.org> List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=subscribe> X-List-Received-Date: Wed, 28 Nov 2012 10:20:26 -0000 This is a multi-part message in MIME format. --------------020701060208000909030100 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 25.11.2012 14:20, Shaymardanov Rushan пишет: > Hello. I have a problem using pf in Freebsd 9.0. > I'm using frebsd box as gateway and I have 2 ISP. I'd like to route some > clients via second provider and a'm using pf's route-to fuction for it: > > ( ... ) > nat on ng0 inet from 172.18.100.254 to any -> xx.xx.xx.157 > (...) > pass in route-to (ng0 10.0.0.1) inet from 172.18.100.254 to any tag SUBS > (...) > > Packets are routed correctly (via ng0), and nat works well, but IP checksum > is bad and I don't receive any response: > > gw# tcpdump -i ng0 -s 0 -v -n icmp > tcpdump: listening on ng0, link-type NULL (BSD loopback), capture size > 65535 bytes > 18:11:54.456027 IP (tos 0x0, ttl 128, id 218, offset 0, flags [none], proto > ICMP (1), length 60, bad cksum 9390 (->9093)!) > xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 171, length 40 > 18:11:59.480968 IP (tos 0x0, ttl 128, id 219, offset 0, flags [none], proto > ICMP (1), length 60, bad cksum 9290 (->9092)!) > xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 172, length 40 > 18:12:04.506907 IP (tos 0x0, ttl 128, id 220, offset 0, flags [none], proto > ICMP (1), length 60, bad cksum 9190 (->9091)!) > xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 173, length 40 > > Without route-to (if for example I change routing table for particular > destination address), checksums are good and traffic passes correctly. > > > Rushan Shaymardanov > Hello! I have exactly same issue with pf-nat and outgoing traffic from ng-interfaces. With ipfw nat there is no problem. Problem exists on 9.0, 9.1-RC3 and stable. --------------020701060208000909030100--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3feff2de.43f3fa30.50b3c2c9.9d9c2>