From: "Jason DiCioccio"
To: freebsd-pf@freebsd.org
Date: Tue, 3 Oct 2006 15:57:17 -0700 (MST)
Subject: route-to being ignored?

Greetings,

I'm having a bit of an issue here with pf and the route-to statement on 6.1-RELEASE-p3/i386.
Basically, I have the following rule (at the top of my rules, no less):

    pass out quick route-to ( tun0 10.8.1.5 ) from 66.29.58.71/32 to any

I've tried this rule with keep state, without keep state, with quick, without quick, basically everything I could think of. And I haven't been able to get this to do anything at all. Traffic is still flowing out of ng0 (where the default route resides).

66.29.58.71 is an IP bound to lo0 on the server. Traffic for it comes in over tun0, for which the ifconfig follows:

    tun0: flags=8051 mtu 1500
            inet6 fe80::24a7:3207:1aa1:c985%tun0 prefixlen 64 scopeid 0xa
            inet 10.8.1.6 --> 10.8.1.5 netmask 0xffffffff
            Opened by PID 347

Currently if I do a tcpdump on ng0, I can see the ICMP Echo replies going back out over ng0 while the requests come in over tun0.

I should also note that I haven't been able to get this working with ipfw fwd either. options IPFIREWALL_FORWARD is in the kernel config as well.

Anyone have any idea what I'm missing?

Thanks!
Jason DiCioccio