From owner-freebsd-pf@freebsd.org Thu Oct 27 19:25:12 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4C685C2368C for ; Thu, 27 Oct 2016 19:25:12 +0000 (UTC) (envelope-from jamesmorris8@outlook.com) Received: from COL004-OMC4S10.hotmail.com (col004-omc4s10.hotmail.com [65.55.34.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "*.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1359076D for ; Thu, 27 Oct 2016 19:25:11 +0000 (UTC) (envelope-from jamesmorris8@outlook.com) Received: from IND01-BO1-obe.outbound.protection.outlook.com ([65.55.34.199]) by COL004-OMC4S10.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Thu, 27 Oct 2016 12:24:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=BDzr2hm5TPefhqwxShnx6jS6gIqvSxCiNd4X65ocyCA=; b=Hm1WFxW4Pue6aCaYF6eUf3ncYWRsgU98ksZnfum6WG2bDmNPDhtQ/9iEQ2YKuPGUFq9vG/WJr8z3+rYhWLDZumodofGmu3vSFFEy9weRmQdY74rIgKU/UAF/fSbAgKpPAcHS0Hpw+WpgckW0ca2won7D69iO71Bs43NO/E6qeMFXlppsbU47vb9S1sANJXt3awpM+b10GzSkj5tkbfayBY31mAtflC0YiWh11to8RM6NN/1QZV9XIIcMEXU9DR+UOdf9dqQghN5D22Pkii/qhFO+SJ6d4RCO4cermkb1HZiRFx7tMU1gxlhdUdK9dFFxlVIiP1btShdb4Rw4HhTWLg== Received: from BO1IND01FT010.eop-IND01.prod.protection.outlook.com (10.152.202.57) by BO1IND01HT008.eop-IND01.prod.protection.outlook.com (10.152.202.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.629.5; Thu, 27 Oct 2016 19:23:38 +0000 Received: from BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM (10.152.202.54) by BO1IND01FT010.mail.protection.outlook.com (10.152.202.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.679.5 via Frontend Transport; Thu, 27 Oct 2016 19:23:38 +0000 Received: from BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM ([10.164.129.147]) by BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM ([10.164.129.147]) with mapi id 15.01.0679.015; Thu, 27 Oct 2016 19:23:38 +0000 From: James Morris To: "freebsd-pf@freebsd.org" Subject: Re: Forcing a route using pf Thread-Topic: Forcing a route using pf Thread-Index: AQHSMFptebiwBmt7E0CVr/XEeKg/d6C8VQ4AgAAAHuOAAAW4gIAAUDo6 Date: Thu, 27 Oct 2016 19:23:38 +0000 Message-ID: References: <20161027140324.GH51420@home.opsec.eu> , <20161027142417.GI51420@home.opsec.eu> In-Reply-To: <20161027142417.GI51420@home.opsec.eu> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: freebsd.org; dkim=none (message not signed) header.d=none;freebsd.org; dmarc=none action=none header.from=outlook.com; x-tmn: [tMUknO/6a0lUjGUlVGu01JaNsSXIP6fA] x-eopattributedmessage: 0 x-microsoft-exchange-diagnostics: 1; BO1IND01HT008; 6:LFNKCA3jYCSsB3WeMkAW9lOkPuMZrHYAtKnRP7szGAmUf+4im/VDp7ZBViHjo6/qv7R2fsIk8PET1BdfrQzpOzdLoHqKKAdOkXKLnSOL22Mc+DUPowOoHIB5/nUN3aWJThxBuo6GjJcyMHAEzjNU3OBpNDc2utUE6lrrYfJcHx0u4OG3ehtpgVaVSOKOLRXmo5imLtdxRmkbhW1hiK2DN/A8x68O/+uJQQI1E00OdFK39wMeGgpUIQlQ10yYq9/52xbAPm8+0uTDYLolCN5HpBJVERzxifBfXQq7hvbjNu4=; 5:YvWpvknjTpDIIWenw98cQbriySDig6NQIigvSHZDdhFT6SY3CIqC8lASr6nTGP942hAk8j5MsXaTgCoYQUJ10dN1+OLlULMAH+TBOlc8++WW48k8RTS9A/KwhHE4Ib6W0pmC7lBz4dDrx/01n1mlGQ==; 24:VuEDpz6L5Ep0yc5Cmf7dp8966E2dJ58LLMpbQcupPY3cT8rwXy1PPzt7w6hpkPfASzh5c0fVB89AL/1bbXhIoHUj/PWAPaR1Tr8Kev18mM4=; 7:cmBtcRIwo3pCeZZPfbjJG02HVp/3avl9c+EGDjigzQZatMUirGwQVIh1iS6Bmat+bekhZiHRcXSePaYn289yubmhRqBjkNeuH7yGk5/o8EuLz9dbvGBiXiHU9MQXiKMjMpIb2FLo4t1X/CMN7s8oGCekG1qale8ZDyYccm0rUy3bfV08IbrbvCE1xlmwXEcuHantGQSy6wvE3hWaEEJCK/LfcxwQny8OKsbfk0BtjStNDNe21VJQkSMK3dim9R5k9/aS2SZmEj9FdHHSWi76xW9mnzPit3jNorKYt4fSgnkGYk5hqcmL2oaLg/+15xjZMJMLwUtqWpGqn7/pzZ58Og== x-forefront-antispam-report: EFV:NLI; SFV:NSPM; SFS:(10019020)(98900003); DIR:OUT; SFP:1102; SCL:1; SRVR:BO1IND01HT008; H:BM1PR01MB0209.INDPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; x-ms-office365-filtering-correlation-id: 8246802a-fa82-4bb2-144c-08d3fe9ec0d7 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(1601124038)(1603103081)(1601125047)(1603101340); SRVR:BO1IND01HT008; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(432015012)(82015046); SRVR:BO1IND01HT008; BCL:0; PCL:0; RULEID:; SRVR:BO1IND01HT008; x-forefront-prvs: 0108A997B2 spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2016 19:23:38.1019 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: BO1IND01HT008 X-OriginalArrivalTime: 27 Oct 2016 19:24:05.0255 (UTC) FILETIME=[AE716170:01D23087] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2016 19:25:12 -0000 Hi, While this does solve the issue of pushing traffic through igb0, however an= y income connections to igb1 from server B also get shunted out igb0. I was wondering if there is a way to do this in pf. This way I can say for any outbound connections to B use igb0, but if B con= tacts me on igb1 reply with the same IP. Further I could probably restrict outbound by tcp ports too. Thanks for the help. James From: Kurt Jaeger Sent: 27 October 2016 14:24 To: James Morris Cc: freebsd-pf@freebsd.org Subject: Re: Forcing a route using pf =A0 =20 Hi! On Server A: route add -host 10.10.10.100 10.0.0.1 On Server B: route add -net 10.0.0.0/24 10.10.10.1 --=20 pi@opsec.eu=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 +49 171 3101372=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 4 years to go ! =