Date: Mon, 7 Feb 2005 19:14:35 -0500
From: Matt MacDonald <macdonald.matthew@gmail.com>
To: freebsd-pf@freebsd.org
Cc: jon@abccomm.com
Subject: Re: Two interface route-to problem
Message-ID: <8878e3ce05020716141bc822c4@mail.gmail.com>
In-Reply-To: <8eea0408050207104056b5f37d@mail.gmail.com>
References: <8878e3ce05020704156c54f315@mail.gmail.com> <8eea0408050207104056b5f37d@mail.gmail.com>

Thank you for the help. I was sure that I read in the docs somewhere
that you could use route-to on an outgoing packet as well. If not, is
there any way that I can route a packet back out tun1 when my default
route is tun0?

Thanks,
Matthew MacDonald

On Mon, 7 Feb 2005 10:40:06 -0800, Jon Simola <jsimola@gmail.com> wrote:
> On Mon, 7 Feb 2005 07:15:21 -0500, Matt MacDonald
> <macdonald.matthew@gmail.com> wrote:
>
> > I've got two PPPoE interfaces to different ISPs. The default route is
> > to ISP1 but my servers are on the ISP2. Everything seems to be
> > working fine except for traffic that is destined for ISP2 gets
> > returned on the ISP1 interface. The docs seem to say that route-to
> > will fix my problem but I can't seem to get it to work. Hopefully
> > someone on this list will see what I'm doing wrong.
> >
> > Here are the commands that I have tried to get this to work:
> >
> > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2:peer ) from ($ISP2) \
> > to any flags S/SA
> > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2gw ) from ($ISP2) \
> > to any flags S/SA
> > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2:peer ) from $ISP2addr \
> > to any flags S/SA
> > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2gw ) from $ISP2addr \
> > to any flags S/SA
> >
> > but none of them seem to work. I do have a similar line that routes
> > SMTP traffic inbound on the inside interface to ISP2 and that works
> > fine.
>
> Yes, route-to should be used on the "pass in" side of the ruleset.
> You've got a working SMTP rule for it, and here's an example from one
> of my routers:
>
> pass in on vlan107 route-to (vlan700 172.16.0.129) from
> vlan107:network to x.x.0.0/16 keep state
>
> The man page talks about route-to creating state, and I think
> it's much easier to do this on the incoming interface.
>