Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 31 Oct 2016 10:30:17 +0300
From:      Max <maximos@als.nnov.ru>
To:        freebsd-pf@freebsd.org
Subject:   Re: Forcing a route using pf
Message-ID:  <4a6abbc5-612a-8081-2cf0-8e72def91d0d@als.nnov.ru>
In-Reply-To: <BM1PR01MB0209989640A31E056B4B75F68CAC0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM>
References:  <BM1PR01MB020932CF4F49E57B708182A58CAA0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM> <20161027140324.GH51420@home.opsec.eu> <BM1PR01MB0209A82FCDD79E7FB9616B798CAA0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM> <20161027142417.GI51420@home.opsec.eu> <BM1PR01MB02099B2E0C2201991837E7EA8CAA0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM> <20161028132154.5a094476@mr185083> <BM1PR01MB0209989640A31E056B4B75F68CAC0@BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM>
next in thread | previous in thread | raw e-mail | index | archive | help 
Interface igb0:

nat on igb1 to 10.10.10.100 -> igb0

pass out on igb1 route-to ( igb0 10.0.0.1 ) from igb0 to 10.10.10.100


Why don't you use igb1 interface?

nat on igb1 to 10.10.10.100 -> igb0

And on Server B:
route add -host 10.0.0.10 10.10.10.10



29.10.2016 13:14, James Morris пишет:
> Hi,
>
> I added the pf rule:
>
> pass out on igb1 route-to ( igb0 10.0.0.1 ) from any to 10.10.10.100
>
> But now when I try to reach 10.10.10.100 traffic goes out igb0 as expected, but it has the source IP of igb1
>
> # ping 10.10.10.100
>
> # tshark -i igb0
> Capturing on 'igb0'
>    1   0.000000 10.10.10.10 -> 10.10.10.100  ICMP 98 Echo (ping) request  id=0xb403, seq=0/0, ttl=64
>    2   0.001509 RealtekU_12:35:02 -> Broadcast    ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
>    3   1.020896 10.10.10.10 -> 10.10.10.100  ICMP 98 Echo (ping) request  id=0xb403, seq=1/256, ttl=64
>    4   1.022268 RealtekU_12:35:02 -> Broadcast    ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
>
>
> Traffic is flowing out the correct interface, but has the wrong source IP address.
>
> What am I doing wrong here?
>
> Thanks,
>
> James
>
>
>
> From: Patrick Lamaiziere <patrick@davenulle.org>
> Sent: 28 October 2016 11:21
> To: James Morris
> Cc: freebsd-pf@freebsd.org
> Subject: Re: Forcing a route using pf
>      
> Le Thu, 27 Oct 2016 19:23:38 +0000,
> James Morris <jamesmorris8@outlook.com> a écrit :
>
> Hi,
>
> Hello,
>
>> While this does solve the issue of pushing traffic through igb0,
>> however any income connections to igb1 from server B also get shunted
>> out igb0.
>>
>> I was wondering if there is a way to do this in pf.
> see PF route-to option.
>
> Regards,
>
>      
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4a6abbc5-612a-8081-2cf0-8e72def91d0d>