Date: Thu, 06 Apr 2017 09:08:49 +0200
From: Nils Beyer <nbe@renzel.net>
To: freebsd-net@freebsd.org
Subject: Re: [PF] Symmetric routing enforcement, how-to without using "reply-to"...
References: <4956261.2DO1X0b8Gd@asbach.renzel.net> <20170405113352.GB20974@zxy.spb.ru> <29877.6759453633$1491395346@news.gmane.org> <201704051246.v35CkKB3028504@plan-b.pwste.edu.pl> <20170405181021.GA76030@plan-b.pwste.edu.pl>

Marek Zarychta wrote:

> pass in quick on $ext_if_1 \
> [...]
> pass in quick on $ext_if_2 reply-to ($ext_if_2 $ip_gw_2) \
> [...]
> pass in quick on $ext_if_1 \
> [...]
> pass in quick on $ext_if_2 \

that's what I meant in my opening post - you have to create a rule for every
possible gateway. It even gets more complex if your server itself is a gateway
for other servers in your network and you have to distribute outgoing traffic
depending on the requesting server in your network.

So something simple like:

------------------------------------------------------------------------------
ipfw add 60000 fwd $ip_gw_2 all from $ext_net_2 to any via $ext_if_1
ipfw add 60001 fwd $ip_gw_1 all from $ext_net_1 to any via $ext_if_2
------------------------------------------------------------------------------

is not possible with PF?

Regards,
Nils