Date:      Mon, 22 Dec 2008 16:02:59 +0100
From:      "Crt Zerjal" <crt@soup.si>
To:        freebsd-pf@freebsd.org
Subject:   reply-to in RELENG_7 not working for networks attached to router
Message-ID:  <bedf2520812220702p21bfa1a9wdc658f735f2586f2@mail.gmail.com>

Hi, this is my config file that worked well on RELENG_6.2:

ext_ip1 = "{ x.x.81.190 }"
ext_ip2 = "{ y.y.6.177 }"
gw1 = "{ x.x.81.161 }"
gw2 = "{ y.y.0.1 }"
# NAT
rdr on le0 proto tcp from any to $ext_ip1 port { 80 } -> 192.168.233.1
rdr on le2 proto tcp from any to $ext_ip2 port { 80 } -> 192.168.233.1
# RULES
pass in quick on le0 reply-to ( em0 $gw1 ) from any to any keep state
pass in quick on le2 reply-to ( em1 $gw2 ) from any to any keep state

But on RELENG_7, if the IP accessing one of the WANs is in the subnet of the
other WAN, the response is routed through the wrong interface.

-- Some IP, let's say y.y.15.123, accesses the router on x.x.81.190 on port 80,
then reaches my web server on 192.168.233.1 and should leave on the same
interface that it came in, but it is routed back on the other if
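
Added example, not part of the original message: a small Python model of the symptom described above, comparing where a reply leaves when the state's reply-to is applied with where the routing table alone would send it. The addresses are constructed stand-ins for the masked ones in the post; the prefix lengths, the connected routes on em0/em1 and the default route are assumptions.

```python
import ipaddress

# Constructed stand-ins for the post's masked addresses (documentation ranges).
# Prefix lengths and the default route are assumptions; the post gives neither.
GW1, GW2 = "198.51.100.161", "203.0.113.1"
ROUTES = [  # (destination, egress interface, next hop or None if on-link)
    (ipaddress.ip_network("198.51.100.160/27"), "em0", None),
    (ipaddress.ip_network("203.0.113.0/24"), "em1", None),
    (ipaddress.ip_network("0.0.0.0/0"), "em0", GW1),
]
# reply-to settings as written in the posted pass rules: rule interface -> (if, gw)
REPLY_TO = {"le0": ("em0", GW1), "le2": ("em1", GW2)}


def route_lookup(dst):
    """Longest-prefix match, as the routing table alone would decide."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in ROUTES if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2] or dst


def reply_egress(in_if, client, honor_reply_to):
    """Where the reply to `client` leaves, with or without the state's reply-to."""
    if honor_reply_to and in_if in REPLY_TO:
        return REPLY_TO[in_if]
    return route_lookup(client)


def depends_on_reply_to(in_if, client):
    """True when the routing table alone would send the reply out another way."""
    return reply_egress(in_if, client, True) != reply_egress(in_if, client, False)


if __name__ == "__main__":
    # Constructed flows: (interface the rule matched on, client address)
    for in_if, client in [("le0", "203.0.113.123"), ("le0", "192.0.2.50"),
                          ("le2", "192.0.2.50")]:
        print(in_if, client,
              "reply-to:", reply_egress(in_if, client, True),
              "table only:", reply_egress(in_if, client, False))
```

The first flow is the case from the message: a client inside the second WAN's subnet arriving on the first WAN, where the connected route wins unless reply-to is applied.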


