Date:      Fri, 05 Feb 2010 14:56:31 +0200
From:      Stefan <stefanferreira@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   Re: How make the route-to working ?
Message-ID:  <4B6C157F.2080301@gmail.com>
In-Reply-To: <20100205123254.GN11310@obspm.fr>
References:  <20100205123254.GN11310@obspm.fr>

Hi

Pf doesn't seem to be able to route packets on the outbound interface. 
Therefore you have to always put the route-to statements on "pass in 
on..." rules.

I don't have experience setting up pf in a server environment, but I 
believe that rdr rules are normally used for what you are trying to 
achieve...

Regards,
Stefan

On 2010-02-05 14:32, Albert Shih wrote:
> Hi all,
>
> I've a problem with route-to.
>
> I've a server with 2 interfaces, and I'm running jails on this server. Each
> interface has its own public IP address.
>
> 	eth0 -- IP0             eth1 -- IP1
>
> and I've a default route (for example in IP0 subnet).
>
> So if the jail is in the IP0 subnet, no problem, everything works.
>
> Now if I put a jail in the IP1 subnet, and some client tries to connect to this
> jail, the answer comes out through eth0 because of the default route (suppose
> the client is not on my subnet).
>
> I don't want that. I want the answer to come out through eth1.
>
> I'm trying to use pf to do that and put in my pf.conf something like
>
> pass in all
> pass out all
> pass out on eth0 route-to {(eth0 IP0_Gateway)} from <IP0> to ! IP0_subnet
> pass out on eth1 route-to {(eth1 IP1_Gateway)} from <IP1> to ! IP1_subnet
>
> but it's not working. If I run tcpdump on the host I can see the
> incoming packets come in on eth1 and the outgoing ones come out on eth0.
>
> And if I try to remove the default route, the outgoing packets don't come out....
>
> Any help ?
>
> Regards.
>
>
>    
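
Added example, not part of either message in the thread: a pf.conf sketch of the two standard pf mechanisms for this two-uplink case. An outbound rule is evaluated on the interface the routing table selected, so `route-to` for the IP1 source has to sit on the eth0 rule, while `reply-to` on the inbound eth1 rule pins replies to connections that arrived there. The addresses are constructed documentation-range placeholders, and the interface names are the ones used in the post.

```conf
# --- Assumed values (constructed placeholders, not from the thread) ---
if0  = "eth0"               # interface holding the default route (name as in the post)
if1  = "eth1"               # second interface (name as in the post)
gw1  = "198.51.100.1"       # gateway of the IP1 subnet
ip1  = "198.51.100.10"      # jail address in the IP1 subnet
net1 = "198.51.100.0/24"    # the IP1 subnet itself

# Permissive base rules as in the post; pf uses the LAST matching rule,
# so the more specific rules below take precedence.
pass in  all
pass out all

# Connections that ARRIVE on eth1 for the jail: reply-to stores (eth1, gw1)
# in the state entry, so return packets leave through eth1 regardless of
# the default route.
pass in on $if1 reply-to ($if1 $gw1) from ! $net1 to $ip1 keep state

# Connections the jail OPENS itself: the routing table has already chosen
# eth0 when the outbound ruleset runs, so the rule must match "on eth0"
# and then redirect the packet to eth1 and its gateway.
pass out on $if0 route-to ($if1 $gw1) from $ip1 to ! $net1 keep state
```

Checking with `tcpdump -ni eth1 host 198.51.100.10` after reloading the ruleset should show both directions of a test connection on eth1, and `pfctl -vss` should list the state with the eth1 route attached.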


