Date: Fri, 5 Feb 2010 13:32:54 +0100
From: Albert Shih <Albert.Shih@obspm.fr>
To: freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
Subject: How make the route-to working ?
Message-ID: <20100205123254.GN11310@obspm.fr>
Hi all,

I've a problem with route-to.

I've a server with 2 interfaces, and I'm running jails on this server.

Each interface has its own public IP address.

    eth0 -- IP0
    eth1 -- IP1

and I've a default route (for example in the IP0 subnet).

So if the jail is in the IP0 subnet, no problem, everything works.

Now if I put a jail in the IP1 subnet, and some client tries to connect to this jail, the answer comes out through eth0 because of the default route (suppose the client is not on my subnet).

I don't want that. I want the answer to come out through eth1.

I'm trying to use pf to do that and put in my pf.conf something like

    pass in all
    pass out all
    pass out on eth0 route-to {(eth0 IP0_Gateway)} from <IP0> to ! IP0_subnet
    pass out on eth1 route-to {(eth1 IP1_Gateway)} from <IP1> to ! IP1_subnet

but it's not working. If I run a tcpdump on the host I can see the incoming packets come in on eth1 and the outgoing ones come out on eth0.

And if I try to remove the default route, the outgoing packets don't come out....

Any help?

Regards.

--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Téléphone : 01 45 07 76 26/06 86 69 95 71
Heure local/Local time:
Ven 5 fév 2010 13:25:02 CET