Date: Fri, 4 Mar 2005 18:49:27 +0100
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Ben Shelton <fbsd-pf@shelton.ca>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf routing issue?
Message-ID: <20050304174927.GC6369@insomnia.benzedrine.cx>
In-Reply-To: <42289DEA.5050205@shelton.ca>
References: <42289DEA.5050205@shelton.ca>

On Fri, Mar 04, 2005 at 09:42:02AM -0800, Ben Shelton wrote:

> pass in quick inet proto tcp from any to x.x.x.x keep state

This allows only incoming packets (on any interface). It does not allow packets to go out through any interface. Even if a packet first comes in on one interface, and is then routed out through another interface, that second step is blocked, because the rule does not allow packets to go out through any interface.

What else did you expect the 'in' option in that rule to do?

If I understand you correctly, you've been trying to connect _from_ the firewall to another host (getting the 'no route to host' error, which has a new additional meaning, issued also when pf blocks an outgoing packet from a local socket), so you should expect outgoing packets on some interface...

Daniel
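
The direction semantics described in the message above, shown as an added pf.conf fragment that is not part of the original e-mail or thread. The interface name, the `block all` default and the address 192.0.2.10 (standing in for the x.x.x.x of the quoted rule) are assumptions made for illustration.

```pf
# Added example, not from the thread. All macro values are constructed.
int_if = "em1"            # assumed: interface facing the destination host
dst    = "192.0.2.10"     # placeholder for the x.x.x.x in the quoted rule

# Assumed default policy: anything not explicitly passed is dropped,
# in both directions and on every interface.
block all

# The rule from the post. It matches only packets entering the firewall,
# so a forwarded connection is accepted on arrival and then dropped by
# "block all" when it is filtered again on the way out.
pass in quick inet proto tcp from any to $dst keep state

# The missing half: an outbound match on the interface toward $dst.
# Forwarded packets need this for their second pass through pf.
# Connections opened by the firewall itself to $dst only ever traverse
# pf in the outbound direction, so this is also the rule that stops
# connect() on the firewall from failing with "no route to host".
pass out quick on $int_if inet proto tcp from any to $dst keep state
```

The file can be syntax-checked without loading it by running `pfctl -nf` on it, and `pfctl -sr` lists the rules that are actually loaded.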