From: bsd-list
To: freebsd-pf@freebsd.org
In-Reply-To: <20060225120047.E02B616A456@hub.freebsd.org>
References: <20060225120047.E02B616A456@hub.freebsd.org>
Date: Mon, 27 Feb 2006 08:15:33 +0000
Message-Id: <1141028133.11412.16.camel@localhost>
Subject: Re: freebsd-pf Digest, Vol 75, Issue 4

Hi Vlad

> Message: 1
> Date: Sat, 25 Feb 2006 02:48:21 +0200
> From: "Vlad GALU"
> Subject: reply-to doesn't seem to work
> To: freebsd-pf@freebsd.org
> Message-ID: <79722fad0602241648y24a4d578h23d2ea536d634210@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I have a machine with two interfaces. On one of them there is a
> webserver listening for client connections. The machine's default
> route is through the other interface.
> Let's assume the interfaces are called if1, if2 and that the
> webserver is listening on if2.
> I have a rule like this:
> pass in quick on $if2 reply-to ($if2 $if2gw) inet proto tcp from
> any to ($if2) port = 80 flags S/SA keep state.
> The replies should leave the box through if2, right ? Well, they
> don't. I had to add a rule like this:
> pass out quick on $if1 route-to ($if2 $if2gw) inet from ($if2) to any

"pass in quick on $if2 " --> pass incoming packets from your webserver
"pass out quick on $if1" --> pass outgoing packets to default path

Think about directions "in/out" that way:
You are inside the box, the incoming packets are those that arrived from
outside to you and the outgoing traffic is the packets that travel from
you to outside

> I can see the reply-to rule creating states, and yet it doesn't
> work as advertised. Ideas, anybody ?
>
> --
> If it's there, and you can see it, it's real.
> If it's not there, and you can see it, it's virtual.
> If it's there, and you can't see it, it's transparent.
> If it's not there, and you can't see it, you erased it.
>
> ------------------------------
>
> Message: 2
> Date: Sat, 25 Feb 2006 02:49:35 +0200
> From: "Vlad GALU"
> Subject: Re: reply-to doesn't seem to work
> To: freebsd-pf@freebsd.org
> Message-ID: <79722fad0602241649n3864eb94w3c2e06e72283c22c@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 2/25/06, Vlad GALU wrote:
> [...]
>
> Sorry, I forgot to mention that this happens on 6.1-PRERELEASE. I
> couldn't check on other versions, unfortunately.