From: Michael Pounov
To: freebsd-net@freebsd.org
Cc: mikemacleod@gmail.com
Date: Thu, 20 Sep 2012 22:26:03 +0300
Subject: Re: Multiroute question
Message-Id: <20120920222603.b5ebc4f5.misho@elwix.org>
List-Id: Networking and TCP/IP with FreeBSD

I don't think that route-to is only for passthrough traffic :):):)
This pf config works even when traffic is originated from and to the machine ;) :)
Please read the option carefully in the example ;)

On Thu, 20 Sep 2012 13:25:50 -0400
Michael MacLeod wrote:

> Actually, multiple routing tables is the correct solution. I documented it
> here:
>
> http://www.mmacleod.ca/blog/2011/06/source-based-routing-with-freebsd-using-multiple-routing-table/
>
> From the post: "... But route-to and reply-to do not trump the default
> routing table for traffic that originates or terminates on the router
> itself. They are useful only for traffic passing through the router. pf can
> only make routing decisions when a packet passes through an interface. It
> can try and set the reply-to interface to be the second WAN connection when
> an inbound SSH connection is made, but neither the SSH daemon nor the
> routing table on the host know or care about the routing preferences of pf."
>
> On Thu, Sep 20, 2012 at 11:01 AM, Michael Pounov wrote:
>
> > Hi, Juan
> >
> > Use pf like in that simple example:
> >
> > dsl_if = "CardA"
> > int_if = "CardB"
> > dsl_addr = "_dsl_if_ip_"
> > int_addr = "_int_if_ip_"
> > dsl_gw = "_dsl_gw_ip_"
> > int_gw = "_int_gw_ip_"
> >
> > set state-policy if-bound
> >
> > .... blah blah blah whatever rules ...
> >
> > pass out on $dsl_if route-to ($int_if $int_gw) from $int_if no state
> > pass out on $int_if route-to ($dsl_if $dsl_gw) from $dsl_if no state
> >
> > # End pf example ;)
> >
> > On Thu, 20 Sep 2012 16:16:53 +0200
> > Juan José Sánchez Mesa wrote:
> >
> > > Hi!
> > >
> > > (sorry for my bad English)
> > >
> > > I have a FreeBSD machine (8.2-RELEASE-p3). The machine has two ethernet
> > > cards, configured in this way:
> > >
> > > - Card A: internet IP address
> > > - Card B: intranet IP address
> > >
> > > Default route goes via card A.
> > >
> > > Now, on the intranet I have a "normal" DSL router. Then, using NAT, I've
> > > forwarded a simple port from the DSL to the intranet IP of this machine.
> > >
> > > The incoming packets from the DSL come OK to the machine (via card B),
> > > but the outgoing packets go to card A, due to the default route.
> > >
> > > Is there a way to configure the network so that outgoing packets go to
> > > the card from which the incoming packets arrived?
> > >
> > > Or is this impossible to configure?
> > >
> > > Thanks!!!

-- 
Best Regards!
Michael Pounov
+359 888 737358, +359 899 737358
WWW: http://www.elwix.org/
XMPP: misho@aitnet.org
Skype: mpunov
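
Added example, not part of the original thread or of the linked blog post: a sketch of the multiple-routing-table (FIB) setup named in the quoted reply, applied to the two-card machine from the original question. All addresses, the interface name em1, port 8080 and the daemon path are constructed placeholders.

```conf
# --- kernel configuration file (FreeBSD 8.x) ---
# Build a kernel with two routing tables (FIB 0 and FIB 1); see setfib(1).
options         ROUTETABLES=2

# --- /etc/rc.conf ---
# FIB 0 is the table every process uses unless told otherwise.
# Its default route keeps pointing at the upstream gateway on card A.
defaultrouter="203.0.113.1"          # constructed address

# --- /etc/rc.local ---
# Give FIB 1 its own default route: the DSL router on the intranet side
# (card B). 192.168.1.1 is a constructed address.
setfib 1 route add default 192.168.1.1

# Start the service behind the DSL port forward inside FIB 1.
# /usr/local/sbin/exampled is a hypothetical daemon listening on the
# forwarded port. Its sockets do their route lookups in FIB 1, so replies
# to connections that arrived through the DSL router leave via card B
# without any pf involvement.
# Caveat: everything this process sends uses FIB 1, including replies to
# connections that arrived on card A. Bind the daemon to the intranet
# address if it must not answer on card A.
setfib 1 /usr/local/sbin/exampled

# --- checks, run by hand after boot ---
# FIB 1 must show "default 192.168.1.1" and the connected route for the
# card B subnet; without the connected route the gateway is unreachable.
setfib 1 netstat -rn
# FIB 0 must still show the card A gateway as default.
netstat -rn
# While a client connects through the DSL port forward, both directions
# of the flow should be visible on card B (em1 and 8080 are constructed).
tcpdump -ni em1 tcp port 8080
```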