Date: Thu, 8 Sep 2011 12:20:06 -0400
From: "Rob V" <rob@ipninja.net>
To: "'Daniel Hartmeier'" <daniel@benzedrine.cx>, "'Dag-Erling Smørgrav'" <des@des.no>
Cc: freebsd-pf@freebsd.org
Subject: RE: route-to rule
Message-ID: <000601cc6e43$33c78640$9b5692c0$@net>
In-Reply-To: <20110908141026.GB10185@insomnia.benzedrine.cx>
References: <868vpzqjz2.fsf@ds4.des.no> <20110908141026.GB10185@insomnia.benzedrine.cx>
>> I realize that pf can't *know* the correct next-hop address for the
>> specified interface, but it can make a reasonable guess (first non-zero
>> address in $ext2:network), so hard-coding would only be required in
>> cases where the "reasonable guess" is incorrect or $ext2 has multiple IP
>> addresses.
>
> There is no guessing involved. If you specify the addresses, this
> address is used for an arp lookup, and the ethernet frame will have
> this IP address' MAC address as destination.
>
> If you don't specify the address, the destination IP address of the
> matching packet is used for the arp lookup instead!
>
> If that destination IP address is not local (i.e. must be sent through
> a next-hop), you MUST specify the next-hop address, or the packet will
> be dropped, as arp resolution will fail.

Unless your router is doing proxy arp.
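
The two route-to forms discussed in this message, as an added pf.conf fragment that is not part of the thread or of the pf project. The macros `int_if` and `ext2_gw`, the interface names and the 192.0.2.1 address are assumed sample values; only `$ext2` comes from the thread.

```pf
# Constructed sample values. int_if and ext2_gw are assumed macro names.
int_if  = "em0"          # internal interface (assumed)
ext2    = "em2"          # second external interface, $ext2 in the thread
ext2_gw = "192.0.2.1"    # next-hop router on $ext2 (documentation address)

# Form 1: interface only, no next-hop address (left commented out).
# pf does the ARP lookup on $ext2 for the packet's own destination IP.
# That resolves only if the destination is on $ext2's local segment, or
# if the upstream router answers for it with proxy ARP. For any other
# destination ARP resolution fails and the packet is dropped.
#
# pass in on $int_if route-to $ext2 from $int_if:network to any keep state

# Form 2: interface plus explicit next-hop address.
# pf does the ARP lookup for $ext2_gw, and the Ethernet frame carries the
# gateway's MAC address as destination, whatever the packet's destination
# IP is. Required whenever the destination is not local to $ext2.
pass in on $int_if route-to ($ext2 $ext2_gw) from $int_if:network to any keep state
```

If traffic matching a route-to rule disappears, checking on `$ext2` whether ARP requests are going out for remote destination addresses rather than for the gateway distinguishes form 1 from form 2.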