From owner-freebsd-questions@freebsd.org Sun Mar 7 18:58:48 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5B8C556F85F for ; Sun, 7 Mar 2021 18:58:48 +0000 (UTC) (envelope-from ludovit.koren@gmail.com) Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DtrNR4PrWz3PJg for ; Sun, 7 Mar 2021 18:58:47 +0000 (UTC) (envelope-from ludovit.koren@gmail.com) Received: by mail-ed1-x530.google.com with SMTP id l12so11515714edt.3 for ; Sun, 07 Mar 2021 10:58:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:user-mail-address:date:message-id:user-agent :mime-version; bh=3qELtloPxJ+j06nHJYoEhOK5EeG1KpBgUB/vcEL17a8=; b=YxEG1JBZE/t6RuzJhOgdk0Y0rgZe0VFkkPVNi1IK6U5sALpcrjTOXkru/H2AOdT7/R 9v5JBWBaiI6jKPv3Ef3q10esRiNoOEfybcau6+E2my0EOfTlEDctoOEUPVkGAZFKjuNJ VEz4PwGv4Hx5ZaoxQG5Tme5S/QiuCqy4sMN/wMJVowESR5PFifTPN2S7hJaIDpimoSCx 3DHTBrsebTch8Ds0nVBu8OVHWMp+Y9LAEiKOJQOB5DMuAs+gWRhqpBixDT7aNHHvZO4k qgbyzwSW5EBuB4w7FpXF0w00W/KNQiiqfdv6Vu57eyhVI5YkALwYl5k8RlPE0qhgZxrX 5bqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:user-mail-address:date :message-id:user-agent:mime-version; bh=3qELtloPxJ+j06nHJYoEhOK5EeG1KpBgUB/vcEL17a8=; b=FaqMqCWrwRWTZzBKe83GSS4ysuO3tqYZ/ixJARl6NTinCCNgff+YwZZsj7AX7fqDOS dptK8qjLwJnx/BkX7kYRFaw+tpgB+afZ0z7JpJyb+l+VXWsdPQu1mXyGGaj1NoYlNQjK k8BHdVTjI4qiymuy95LLZffPqWPzpMOI62bN9moH11bOzHOUq/6pjK1tyMx2M5vBZuXE zocRxSpG7nZiwXsDeHw2spyqVY+LnMQqHSbWVrRjjfETaEivWkhwv4B/eW63kvqpuolm Uen0Lde83rsAkVxsqU26PKvXtHtrG/pbgvi7tVu9fCRhI9fnDvZSMQwKyHYcAMVvnM6J i1OQ== X-Gm-Message-State: AOAM531pVWSGttGETTnLgJqDD5sJ7xQogJEc644lvfQzVt4Bwks1C2ov VX+yxTGLW93OZhmo1R0la+jbANA12B8= X-Google-Smtp-Source: ABdhPJxurV8ByqhgdpuJGnIx6OKBA+tNqm4oIDE64MqQfaeLMmg2q5zSTUj0iQ0x/Xtv147gOjtzLw== X-Received: by 2002:a05:6402:1691:: with SMTP id a17mr18968532edv.336.1615143526463; Sun, 07 Mar 2021 10:58:46 -0800 (PST) Received: from jedi.localdomain (bband-dyn115.178-40-203.t-com.sk. [178.40.203.115]) by smtp.gmail.com with ESMTPSA id ho11sm5262450ejc.112.2021.03.07.10.58.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 07 Mar 2021 10:58:46 -0800 (PST) Received: by jedi.localdomain (Postfix, from userid 1001) id 2223359AAB; Sun, 7 Mar 2021 19:58:45 +0100 (CET) From: Ludovit Koren To: freebsd-questions@freebsd.org Subject: PF - reply-to User-Mail-Address: ludovit.koren@gmail.com Date: Sun, 07 Mar 2021 19:58:45 +0100 Message-ID: <8635x6vli2.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: 4DtrNR4PrWz3PJg X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=YxEG1JBZ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of ludovitkoren@gmail.com designates 2a00:1450:4864:20::530 as permitted sender) smtp.mailfrom=ludovitkoren@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[2a00:1450:4864:20::530:from]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; RECEIVED_SPAMHAUS_PBL(0.00)[178.40.203.115:received]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2a00:1450:4864:20::530:from:127.0.2.255]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::530:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Mar 2021 18:58:48 -0000 Hi all, we have 2 Internet connections coming on the same interface. One is primarily used for incoming connections and services that we provide to Internet (web, mail). The other connection is primarily used for browsing (cache/proxy) and DNS. There are 2 different routers. I am using FreeBSD 12.2-STABLE r369178 and PF. The question is which router should I set as default router. I suppose, I can use reply-to and/or route-to, respectively. If I use (default router $router2): pass in on $ext_if reply-to (bge0 $router1) inet proto tcp from any to $web_addr port 443 keep state it is not working. The following setup is working (default router $router1): pass out on $ext_if route-to (bge0 $router2) inet proto tcp from any to any keep state Is it bug or I do not understand the manual page correctly? Thank you very much. Regards, lk