From: Stefan
Date: Tue, 02 Feb 2010 19:54:29 +0200
To: freebsd-pf@freebsd.org
Subject: route-to on lo0 not working?
Message-ID: <4B6866D5.4060405@gmail.com>

Hi

In my quest to route traffic originating on the freebsd machine, I've managed to loop back outbound traffic via lo0 so that I can try and route it inbound on lo0 (pf can't apply route-to logic to outbound traffic; by then it's too late to try and route it over a different interface).

The loopback works when I switch off skip on lo0, and pass all lo0 traffic, so that traffic is definitely processed by pf. I also know the looping works, because when I try to ping an outside IP, I get a response that the TTL has been exceeded, and traceroute shows repeating entries of 127.0.0.1 (in other words, the packets just loop back through the pf box repeatedly till their TTL is exceeded).

The problem is the moment I change my rule to try and route the inbound traffic on lo0, the packets just seem to go nowhere. They are not routed correctly and I can't tell what happens to them.

In the ruleset below, enabling the second rule results in the packets looping back to the pf box repeatedly, and the first rule results in the packets "disappearing".
The only difference is the route-to statement, which works for all traffic originating elsewhere on the lan.

#pass in quick on lo0 route-to (adsl-int0 196.210.140.129) from any to ! $IPs_LAN $KEEPSTATE $ALTQ_DEFAULT label zSA_Local tag zSA_Local

#pass in quick on lo0 from any to ! $IPs_LAN $KEEPSTATE $ALTQ_DEFAULT label zSA_Local tag zSA_Local

pass out quick all $KEEPSTATE tagged zSA_Local

pass quick on lo0

Please help! I really need to route traffic originating on the pf box via pf, and not via rtables!