From owner-freebsd-pf@freebsd.org Wed Nov 16 16:14:38 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1FF62C458DF; Wed, 16 Nov 2016 16:14:38 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: from mx.box-hlm-03.niklaas.eu (mx.box-hlm-03.niklaas.eu [84.22.110.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DA70BE48; Wed, 16 Nov 2016 16:14:37 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: from len-t420.klaas (p200300752F20A37545D3B68A610820A4.dip0.t-ipconnect.de [IPv6:2003:75:2f20:a375:45d3:b68a:6108:20a4]) by mx.box-hlm-03.niklaas.eu (Postfix) with ESMTPSA id AA8CE4F99FA; Wed, 16 Nov 2016 17:14:28 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=niklaas.eu; s=default; t=1479312868; bh=9+Tp8nwwsyCnvDBUYBWpDKjRFN/m4nEuWnvPkK1EG6U=; h=Date:From:To:Subject:Reply-To:References:In-Reply-To; b=czC1T8owx+zyw1AWaT+T/BsLoGbohU3g1DHuIh84TGRJiDaEu3TTKFQvbDolsKlHs SB6J221BKY4Mo4fbNDEjqOYqHLBD80p0WFMpYOWP5tAKvkv6zZ9swCSNAZer1JgrXr o784LjE2ht+xlIHMSzUABOtcQ1VC9YrbhpAiOLgY= Date: Wed, 16 Nov 2016 17:14:26 +0100 From: Niklaas Baudet von Gersdorff To: freebsd-net@freebsd.org, freebsd-pf@freebsd.org Subject: Re: NAT Reflection rules for FreeBSD PF Message-ID: <20161116161426.dxciogunrchqcddm@len-t420.klaas> Reply-To: stdin@niklaas.eu Mail-Followup-To: freebsd-net@freebsd.org, freebsd-pf@freebsd.org References: <20161115113705.GB1675@mail.opdns.de> <20161115132609.GC1675@mail.opdns.de> <20161116110522.GD1675@mail.opdns.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="rmyy7ev4fhptnqf3" Content-Disposition: inline In-Reply-To: <20161116110522.GD1675@mail.opdns.de> User-Agent: NeoMutt/20161014 (1.7.1) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Nov 2016 16:14:38 -0000 --rmyy7ev4fhptnqf3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Oliver Peter [2016-11-16 12:05 +0100] : > The interesting thing here is that /all/ traffic happens on lo0 - even for > jail1 which sits on lo1 only - which I don't understand. I had been wondering about the same thing some while ago: http://marc.info/?l=freebsd-questions&m=147049889417893&w=2 Unfortunately, on the list we never really clarified why all jail traffic goes through lo0 and whether that is "a feature or a bug", as Bjoern stated. Niklaas --rmyy7ev4fhptnqf3 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAABCAAGBQJYLIXcAAoJEJArKu48GaI6X/oP/2UNHb4cMF+f0o8enHCbayij TeVpyEeqmzX6pVy2j3nMHZ7PJU6sfe6tFHAuifiJiPjEky3hsXBjsYyU8trxzA8T vcsSMntPxf3f2i5IpmRF80ZNf7JaF8C1+OP9pMWpjBSJfM+LjTzOknjUrkF92oJH beTZc1w7ETFzGKe4/VxfdWUATSekEaLKH3Zjarwe0Z4CsV9e/J8UROhgozJorXfg gE/gT9P+DIWRebHPmUlV3wttMuLP39CJoKAfk6mcVkGnUtXwPilWO/usQ+bW22al rqoMlHc3paqxsnM1o2sRU0pca0kg+HsTG1D2E/JnLbY9GYQxQ5y1ps7fP7dDJSIt xFtQTFv9EXsdrpYlASQySzZn3/ai5gMegKimi2yvnAW7MS7tjWy6lLiOu3Rt5HuM 9p6LPQLJ3+EI06KJ46BSGTqIEJ3sKSfNOcsOdllbHemJv8wC6vpz61jwyBkaFNng pbKTAI+7Nt+gxg6M/AX2cHtDIncyIsRHcTIBnOWxL2X+1fiA/iv2kesJYAHp9Fuj i4xnW2D64Kaa8WQiXUgwcOMR3GhuzwsDUOGaK6buP4ZSgD2M9AN9lVX13UgEQXTZ hpHbfC1K++pQitpVOd8P6XhdBEzxluFJfNvhOYJDU1ZL23eLdA92hox2kltqlekS wf+IYvV7Rlol0Efc+7RH =Pfhm -----END PGP SIGNATURE----- --rmyy7ev4fhptnqf3--