Date: Thu, 13 Sep 2007 09:32:28 +0800
From: "skridsko grafstrom" <skridsko@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Problem with pf route-to in jail
Message-ID: <319abcb30709121832i7d0100e6ibe2b98294030c63e@mail.gmail.com>
Encountered a weird problem with pf, but before going into that, a description of my network.

Network interfaces -
1) lnc0 - ethernet interface, inet 192.168.1.2 netmask 255.255.255.0
2) ng0 - netgraph pptp interface, 10.0.0.2 -> 10.0.0.1 point-to-point
3) vlan0 - virtual interface, inet 172.16.1.1 netmask 255.255.255.255

Default gateway - 192.168.1.1

I have a jail running on the vlan0 IP, i.e. 172.16.1.1, and I want to route all traffic from the jail through ng0, i.e. all jail traffic goes through pptp. Since I'm unable to change the default route for the jail, I resorted to using pf. Below are my rules:

nat on ng0 from vlan0 to any -> ng0
rdr on ng0 from any to ng0 -> vlan0
pass out route-to ng0 from vlan0 to !vlan0

This works, but only partially, with the following observations:

1) Ping works, but only for the first packet; subsequent packets are lost.

ping -c4 google.com
PING google.com (64.233.187.99): 56 data bytes
64 bytes from 64.233.187.99: icmp_seq=0 ttl=244 time=278.728 ms

--- google.com ping statistics ---
4 packets transmitted, 1 packets received, 75% packet loss
round-trip min/avg/max/stddev = 278.728/278.728/278.728/0.000 ms

2) DNS resolutions work fine, as do traceroutes (a sign of UDP working?)

3) Using nc to connect to a remote listening port shows a successful connection, but no data can be sent subsequently in the same nc session.

Can anyone help with what's going on here? Or provide a better solution on how to achieve the setup I want?

Thanks!
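The symptoms reported above (one echo reply and then silence, a TCP connect that completes but carries no data) all concern what happens to a flow after its first packet, so the first thing a practitioner would check on that host is whether pf holds a state entry for each of the jail's flows, per protocol, after the nat and route-to rules have acted on them. The script below is an added example written for this page; it is not the poster's code and no reply on the page proposes it. It assumes the text being parsed is the output of `pfctl -s state`, that the protocol is the second whitespace-separated field of each line and that the address appears on the line as `ADDR:port` or `(ADDR:port)`, which covers both state-line layouts that pf releases of that era print. The embedded state table is constructed for the example, not captured from the poster's host, and the only addresses it uses are the ones named in the post.

```shell
#!/bin/sh
# Added example: count pf state entries that involve one address, per protocol.
# Assumption (not from the original post): input is `pfctl -s state` output,
# protocol in field 2, addresses as ADDR:port or (ADDR:port) in later fields.

JAIL_IP="172.16.1.1"

# Constructed sample of `pfctl -s state` output for the setup in the post:
# three translated jail flows (icmp, udp, tcp) plus one unrelated ssh session.
SAMPLE_STATES='self icmp 172.16.1.1:41 -> 10.0.0.2:41 -> 64.233.187.99:41       0:0
self udp 172.16.1.1:49152 -> 10.0.0.2:49152 -> 192.168.1.1:53       MULTIPLE:SINGLE
self tcp 172.16.1.1:52341 -> 10.0.0.2:52341 -> 64.233.187.99:80       ESTABLISHED:ESTABLISHED
self tcp 192.168.1.2:22 <- 192.168.1.50:60012       ESTABLISHED:ESTABLISHED'

# count_states PROTO ADDR [STATE_TEXT]
# Prints how many state entries for PROTO mention ADDR on either side.
# Parses STATE_TEXT when given, otherwise runs `pfctl -s state` (needs root).
count_states() {
    proto=$1; addr=$2
    if [ -n "$3" ]; then text=$3; else text=$(pfctl -s state); fi
    printf '%s\n' "$text" | awk -v p="$proto" -v a="$addr" '
        $2 == p {
            for (i = 3; i <= NF; i++) {
                f = $i
                gsub(/[()]/, "", f)        # drop the parentheses of (ADDR:port)
                sub(/:[0-9]+$/, "", f)     # strip a trailing :port
                if (f == a) { n++; break } # count each state line once
            }
        }
        END { print n + 0 }'
}

# state_summary ADDR [STATE_TEXT]
# One line per protocol, "proto count", for the protocols the post exercised.
state_summary() {
    for p in icmp udp tcp; do
        printf '%s %s\n' "$p" "$(count_states "$p" "$1" "$2")"
    done
}

# Stand-alone run over the constructed sample; on the real host call
# `state_summary 172.16.1.1` as root while a ping or nc session is in progress.
state_summary "$JAIL_IP" "$SAMPLE_STATES"
```

Run it from the host while the jail's ping or nc session is active and compare the counts before and after the second packet; a protocol whose count stays at one while replies stop arriving, or a flow for which no entry exists at all, tells you whether pf's state tracking or the path through ng0 is where to look next with `tcpdump -ni ng0`.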