Date: Tue, 20 May 2008 18:30:58 +0300
From: "Cristian Bradiceanu" <cbredi@bofhserver.net>
To: freebsd-pf@freebsd.org
Subject: pf reply-to tcp connections stall
Message-ID: <2f12f40a0805200830l7836d640s69c55af837d475d9@mail.gmail.com>

Hello,

I am trying to set up split routing on two Internet links, each with one IP address:

em0 = wan1, $em0_gw gateway
em1 = lan, NATed on em0 and em2
em2 = wan2, default gateway

pass in on em0 reply-to (em0 $em0_gw) inet proto tcp from any to em0 flags S/SA keep state
pass in on em0 reply-to (em0 $em0_gw) inet proto udp from any to em0 keep state
pass in on em0 reply-to (em0 $em0_gw) inet proto icmp from any to em0 keep state

wan2 connections are working correctly, no pf rules for policy routing.

wan1 tcp connections to IP of em0 (e.g. ssh) stall when a large amount of data is sent (e.g. running dmesg or cat file). States are created correctly. When ssh stalls there are some icmp packets out on lo0 with source and destination IP address of em0, which I believe is not correct (set skip on lo0 does not help). Also tried with tcp ... modulate state but same result.

If I change default gateway to $em0_gw and disable pf, all connections on wan1 are ok.

I also tried to use route-to instead of reply-to with:

pass out on em2 route-to (em0 $em0_gw) from em0 to any

both with keep state and no state options - same ssh connection stall.

System is FreeBSD 7.0-STABLE amd64.

Kind regards,
Cristian