Date: Mon, 27 Feb 2006 08:15:33 +0000
From: bsd-list <bsd-list@mail.ru>
To: freebsd-pf@freebsd.org
Subject: Re: freebsd-pf Digest, Vol 75, Issue 4
Message-ID: <1141028133.11412.16.camel@localhost>
In-Reply-To: <20060225120047.E02B616A456@hub.freebsd.org>
References: <20060225120047.E02B616A456@hub.freebsd.org>
Hi Vlad

>
> Message: 1
> Date: Sat, 25 Feb 2006 02:48:21 +0200
> From: "Vlad GALU" <vladgalu@gmail.com>
> Subject: reply-to doesn't seem to work
> To: freebsd-pf@freebsd.org
> Message-ID:
> <79722fad0602241648y24a4d578h23d2ea536d634210@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I have a machine with two interfaces. On one of them there is a
> webserver listening for client connections. The machine's default
> route is through the other interface.
> Let's assume the interfaces are called if1, if2 and that the
> webserver is listening on if2.
> I have a rule like this:
> pass in quick on $if2 reply-to ($if2 $if2gw) inet proto tcp from
> any to ($if2) port = 80 flags S/SA keep state.
> The replies should leave the box through if2, right ? Well, they
> don't. I had to add a rule like this:
> pass out quick on $if1 route-to ($if2 $if2gw) inet from ($if2) to any

"pass in quick on $if2" --> pass incoming packets from your webserver
"pass out quick on $if1" --> pass outgoing packets to default path

Think about directions "in/out" that way:
You are inside the box; the incoming packets are those that arrived from
outside to you, and the outgoing traffic is the packets that travel from
you to outside.

> I can see the reply-to rule creating states, and yet it doesn't
> work as advertised. Ideas, anybody ?
>
>
> --
> If it's there, and you can see it, it's real.
> If it's not there, and you can see it, it's virtual.
> If it's there, and you can't see it, it's transparent.
> If it's not there, and you can't see it, you erased it.
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 25 Feb 2006 02:49:35 +0200
> From: "Vlad GALU" <vladgalu@gmail.com>
> Subject: Re: reply-to doesn't seem to work
> To: freebsd-pf@freebsd.org
> Message-ID:
> <79722fad0602241649n3864eb94w3c2e06e72283c22c@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 2/25/06, Vlad GALU <vladgalu@gmail.com> wrote:
> [...]
>
> Sorry, I forgot to mention that this happens on 6.1-PRERELEASE. I
> couldn't check on other versions, unfortunately.
>
> --
> If it's there, and you can see it, it's real.
> If it's not there, and you can see it, it's virtual.
> If it's there, and you can't see it, it's transparent.
> If it's not there, and you can't see it, you erased it.
>
>
> ------------------------------
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
>
> End of freebsd-pf Digest, Vol 75, Issue 4
> *****************************************
>