Date: Thu, 20 Sep 2012 22:26:03 +0300
From: Michael Pounov <misho@elwix.org>
To: freebsd-net@freebsd.org
Cc: mikemacleod@gmail.com
Subject: Re: Multiroute question
Message-ID: <20120920222603.b5ebc4f5.misho@elwix.org>
In-Reply-To: <CAM-FeoF5AjePpP_-yV6xh2Oea24d-EOuEoS_k4VSp6_7NYBMug@mail.gmail.com>
References: <505B2555.40704@doblej.net> <20120920180115.ede9a2b8.misho@elwix.org> <CAM-FeoF5AjePpP_-yV6xh2Oea24d-EOuEoS_k4VSp6_7NYBMug@mail.gmail.com>

I don't think that route-to is only for passthrough traffic :):):)
This pf config works even if traffic is originated from and to the machine ;) :)
Please read the option carefully in the example ;)

On Thu, 20 Sep 2012 13:25:50 -0400
Michael MacLeod <mikemacleod@gmail.com> wrote:

> Actually, multiple routing tables is the correct solution. I documented it
> here:
>
> http://www.mmacleod.ca/blog/2011/06/source-based-routing-with-freebsd-using-multiple-routing-table/
>
> From the post: "... But route-to and reply-to do not trump the default
> routing table for traffic that originates or terminates on the router
> itself. They are useful only for traffic passing through the router. pf can
> only make routing decisions when a packet passes through an interface. It
> can try and set the reply-to interface to be the second WAN connection when
> an inbound SSH connection is made, but neither the SSH daemon nor the
> routing table on the host know or care about the routing preferences of pf."
>
> On Thu, Sep 20, 2012 at 11:01 AM, Michael Pounov <misho@elwix.org> wrote:
>
> > Hi, Juan
> >
> > Use pf like in that simple example:
> >
> > dsl_if = "CardA"
> > int_if = "CardB"
> > dsl_addr = "_dsl_if_ip_"
> > int_addr = "_int_if_ip_"
> > dsl_gw = "_dsl_gw_ip_"
> > int_gw = "_int_gw_ip_"
> >
> > set state-policy if-bound
> >
> > # .... blah blah blah whatever rules ...
> >
> > pass out on $dsl_if route-to ($int_if $int_gw) from $int_if no state
> > pass out on $int_if route-to ($dsl_if $dsl_gw) from $dsl_if no state
> >
> > # End pf example ;)
> >
> > On Thu, 20 Sep 2012 16:16:53 +0200
> > Juan José Sánchez Mesa <juanjo.listas@doblej.net> wrote:
> >
> > > Hi!
> > >
> > > (sorry for my bad english)
> > >
> > > I have a FreeBSD machine (8.2-RELEASE-p3). The machine has two ethernet
> > > cards, configured in this way:
> > >
> > > - Card A: internet IP address
> > > - Card B: intranet IP address
> > >
> > > Default route goes via card A.
> > >
> > > Now, on the intranet I have a "normal" DSL router. Then, using NAT I've
> > > forwarded a simple port from the DSL to the intranet IP of this machine.
> > >
> > > The incoming packets from the DSL come OK to the machine (via card B),
> > > but the outgoing packet goes to card A, due to the default route.
> > >
> > > Is there a way to configure the network so that outgoing packets go to
> > > the card from where the incoming packets arrived?
> > >
> > > Or is this impossible to configure?
> > >
> > > Thanks!!!
> > >
> > > _______________________________________________
> > > freebsd-net@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> >
> > --
> > Best Regards,
> >
> > Michael Pounov
> > ELWIX - embedded lightweight unix -
> >
> > WWW: http://www.elwix.org/
> > EMail: misho@elwix.org
> > Skype: mpunov
> > XMPP: misho@aitnet.org
> > Phone: +359 888 737358; +359 899 737358

--
Best Regards!
Michael Pounov <misho@elwix.org>
+359 888 737358, +359 899 737358
WWW: http://www.elwix.org/
XMPP: misho@aitnet.org
Skype: mpunov