Date: Tue, 26 Jan 2010 12:02:20 +0200 From: Stefan <stefanferreira@gmail.com> To: freebsd-pf@freebsd.org Subject: Routing router-originating traffic via route-to rules Message-ID: <4B5EBDAC.2030605@gmail.com>
Hi,

I've googled this one to bits and pulled out quite a lot of hair. Basically, I need a way to route, using "route-to" filter rules, the traffic originating on the FreeBSD router itself. The problem with doing this is that pf only sees the packets on their way out, when an outbound interface has already been chosen by the routing tables. Therefore pf's route-to rules have no effect on locally originating traffic.

I've tried several approaches to get around this. They all center around looping back the router's traffic before routing it out, so that pf can see the packets as inbound once before they get routed properly. This means changing the default route to one of the tried loopbacks, then using pf filter rules coming in on the chosen loopback or bridge. I've tried this using bridged netgraph and tap interfaces, and using loopback interfaces. I've also tried it using a loopback interface with an IP on a unique subnet, to keep the packets from routing through lo0.

Please, I'm desperate to get this working! Has anyone done this type of thing successfully, or does anyone have any idea how to get it working? I'd think that this would be a fairly common requirement, if not for routing then at least for filtering outbound (router) traffic...