Date:      Sun, 11 Dec 2005 22:06:06 -0600
From:      "Travis H." <solinym@gmail.com>
To:        yayj <yayjsir@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: My problem of pf rule
Message-ID:  <d4f1333a0512112006s7dc282bbtd2366a36e8452203@mail.gmail.com>
In-Reply-To: <439CF5CB.6030207@gmail.com>
References:  <439A5545.1090308@gmail.com> <d4f1333a0512110318h1fde9fe5t94bfb06711691579@mail.gmail.com> <439CF5CB.6030207@gmail.com>

On 12/11/05, yayj <yayjsir@gmail.com> wrote:
> all packets attempting to go out via em0 have the same src ip, (em0),
> including these from <fxp0_ip> and <fxp1_ip>.

Oh, I think I understand now.

I believe this may be a case where you want to use policy-based
routing; in this case you can tag packets from fxp0 and fxp1 to have
"tag foo" and perhaps you might be able to say:

pass in on { fxp0 fxp1} tag FOO
pass out on em0 to any not tagged FOO queue BAR

I'm not sure if you can say "not tagged FOO" though, and I cannot test that.

In any case, you are right, NAT occurs first and so all outbound
packets will have an IP of (em0) when they are leaving.  The only way
that I know of to distinguish where they came from is with tags.
--
http://www.lightconsulting.com/~travis/  -><- P=NP if (P=0 or N=1)
"My love for mathematics is unto 1/x as x approaches 0."
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
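
A pf.conf fragment for the tagging approach described in this message, added here as an illustration and not part of the original e-mail. pf.conf(5) spells the inverse match as "! tagged"; the macro names, the tag FROM_LAN, the queue names and the bandwidth figures are assumptions made up for this sketch, with em0 as the external interface and fxp0/fxp1 as the internal ones as in the thread.

```conf
# Constructed example: interface roles follow the thread, all names are assumed.
ext_if  = "em0"
int_ifs = "{ fxp0 fxp1 }"

# ALTQ on the external interface: one queue for traffic forwarded from the
# internal interfaces, one for traffic the firewall itself originates.
altq on $ext_if cbq bandwidth 10Mb queue { q_fw, q_lan }
queue q_fw  bandwidth 30% cbq(default)
queue q_lan bandwidth 70%

# Translation runs before the outbound filter rules are evaluated, so every
# packet leaving em0 already carries the (em0) source address by then.
nat on $ext_if from !($ext_if) to any -> ($ext_if)

# Mark packets at the point where their origin is still visible.
pass in on $int_ifs tag FROM_LAN keep state

# The tag stays attached to the packet through NAT, so the outbound rules
# can separate forwarded traffic from locally generated traffic.
pass out on $ext_if tagged FROM_LAN   keep state queue q_lan
pass out on $ext_if ! tagged FROM_LAN keep state queue q_fw
```

Loading the file with "pfctl -nf" parses it without installing the rules, which is a quick way to confirm the syntax on the pf version in use.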


