Date: Sun, 11 Dec 2005 05:18:52 -0600 From: "Travis H." <solinym@gmail.com> To: yayj <yayjsir@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: My problem of pf rule Message-ID: <d4f1333a0512110318h1fde9fe5t94bfb06711691579@mail.gmail.com> In-Reply-To: <439A5545.1090308@gmail.com> References: <439A5545.1090308@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> let's put aside the subnet routing env.s the int are in and the routing > table of host is like this, if the dest IP of packet is in <set0> then > it's forwarded to em0, if is in <set1> then em1. I turn on NAT on em0. > > there are two questions left: > 1. I wanna employ a flow control for the two fxp int on em0 other than. > cuz NAT is applying on em0, I can't describe the flow of the two fxp int > using 'on em0' respectively. I describe them on their source int like thi= s: > > pass in on fxp0 inet from <fxp0_ip> to <set0> queue queue0 > pass in on fxp0 inet from <fxp1_ip> to <set1> queue queue1 What's "a flow control"? I don't see why you can't specify "on em0", even when NAT is in use. > 2. The host itself may also send data by em0 using the IP of em0, how > can I describe this flow? Using cbq(default) or whatever? How about: pass out on em0 from (em0) to any This notation for use with dynamic IPs is described in the FAQ: http://www.openbsd.org/faq/pf/ -- http://www.lightconsulting.com/~travis/ -><- Knight of the Lambda Calculus "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d4f1333a0512110318h1fde9fe5t94bfb06711691579>