Date:      Tue, 9 Mar 2021 21:01:09 -0800
From:      Ultima <ultima1252@gmail.com>
To:        Ludovit Koren <ludovit.koren@gmail.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: PF - reply-to
Message-ID:  <CANJ8om5_2_2oGZ4_zj4y_Xg04V5MXzy99_YV-Z4pwQic=GRdEw@mail.gmail.com>
In-Reply-To: <86y2exubbq.fsf@gmail.com>
References:  <8635x6vli2.fsf@gmail.com> <CANJ8om5RJBD=EmzRPpD_+avrRgpWBNGj9NbXfyUdOKcaL00vgA@mail.gmail.com> <86y2exubbq.fsf@gmail.com>

Hello Ludovit,

I'm going to need to see pf.conf and the routing table to help further.
Feel free to obfuscate if required. It may also help if you ask the
freebsd-net and freebsd-pf mailing lists as well.

Best regards,
Richard Gallamore

On Mon, Mar 8, 2021 at 3:36 AM Ludovit Koren <ludovit.koren@gmail.com>
wrote:

> >>>>> Ultima  <ultima1252@gmail.com> writes:
>
>     > Hey Ludovit,
>     > More details would be helpful. There can be a few reasons why it is
>     > not working that I can see.
>
>     > 1. Do you have an rdr rule to redirect to $web_addr for the pass
>     > rule?
>
> Yes, I have an rdr rule, but there are rules without rdr and it seems
> they are not working either.
>
>     > 2. Rules out of order
>
> I do not understand. I have definitions, nat, rdr, and rules.
>
>     > 3. Conflicting rules.
>
> I did not find any.
>
>     > The best way to debug this would be logging the rules and watching
>     > where the traffic is going via tcpdump.
>
> I did exactly what you suggest. The block rule logged reset packet from
> the source of the web traffic. As soon as I changed the default router,
> everything has started to work with the same unchanged pf.conf.
>
> Regards,
>
> lk
>
>
>     > Best regards,
>     > Richard Gallamore
>
>     > On Sun, Mar 7, 2021 at 10:58 AM Ludovit Koren <ludovit.koren@gmail.com> wrote:
>
>     >  Hi all,
>
>     >  We have 2 Internet connections coming on the same interface. One is
>     >  primarily used for incoming connections and services that we
>     >  provide to the Internet (web, mail). The other connection is
>     >  primarily used for browsing (cache/proxy) and DNS. There are 2
>     >  different routers.
>
>     >  I am using FreeBSD 12.2-STABLE r369178 and PF. The question is which
>     >  router should I set as default router. I suppose, I can use reply-to
>     >  and/or route-to, respectively. If I use (default router $router2):
>
>     >  pass in on $ext_if reply-to (bge0 $router1) inet proto tcp from any to $web_addr port 443 keep state
>
>     >  it is not working. The following setup is working (default router $router1):
>
>     >  pass out on $ext_if route-to (bge0 $router2) inet proto tcp from any to any keep state
>
>     >  Is it a bug, or do I not understand the manual page correctly?
>
>     >  Thank you very much.
>
>     >  Regards,
>     >  lk
>
>
> --
> A: Because it fouls the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing on usenet and in e-mail?
>
>


