From: Patrick Lamaiziere
To: freebsd-questions@freebsd.org
Date: Fri, 27 Aug 2010 14:07:13 +0200
Subject: Re: Routing Question

On Thu, 26 Aug 2010 18:17:19 -0700, Doug Hardie wrote:

> PF's route_to will return the packets to the proper router, but I have not
> been able to figure out which ones those would be. The source IP
> address can be any on either network and it's highly likely that we
> will see packets from the same source network on both at the same
> time. The only distinction I see in the input packets between the
> two paths is the MAC address of the router. I don't see any way in
> pf or the system to use that to affect the return path
> though.

The filter option "reply-to" looks to be what you need. It works by keeping the state of a connection (see pf.conf(5)).
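
A pf.conf sketch of the reply-to approach mentioned above, added here as an example and not part of the original message. It assumes each router is reached through its own interface; the interface names and addresses are constructed placeholders.

```conf
# Added example, not from the original thread.
# Assumption: router A and router B sit behind separate interfaces.
if_a = "em0"             # interface facing router A (placeholder name)
gw_a = "192.0.2.1"       # router A (documentation address)
if_b = "em1"             # interface facing router B (placeholder name)
gw_b = "198.51.100.1"    # router B (documentation address)

# Default: drop inbound traffic on both paths unless a rule below passes it.
block in on $if_a all
block in on $if_b all

# A connection accepted on $if_a creates a state entry. Replies that match
# that state are sent back through $if_a to $gw_a, whatever the routing
# table says about the source address.
pass in on $if_a reply-to ($if_a $gw_a) inet from any to ($if_a) keep state

# Same for the second path: replies go back through $if_b to $gw_b.
pass in on $if_b reply-to ($if_b $gw_b) inet from any to ($if_b) keep state
```

reply-to only has an effect on rules that create state, which is why both pass rules carry "keep state".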