Message-ID: <4303A9CA.9080808@sonicboom.org>
Date: Wed, 17 Aug 2005 14:19:06 -0700
From: Brian
To: Daniel Hartmeier
Cc: freebsd-pf@freebsd.org
Subject: Re: Fwd: Fwd: Dual-feed: PF setup troubles
In-Reply-To: <20050815162733.GC32151@insomnia.benzedrine.cx>
References: <48239d390508150840481420ec@mail.gmail.com>
 <20050815154334.GB32151@insomnia.benzedrine.cx>
 <48239d3905081509062c585a17@mail.gmail.com>
 <20050815162733.GC32151@insomnia.benzedrine.cx>

Daniel Hartmeier wrote:

>On Mon, Aug 15, 2005 at 08:06:03PM +0400, Sergey Lapin wrote:
>
>>And as for other bugs - return to wrong place and NAT from wrong interface?
>>#2 is serious
>>http://www.mail-archive.com/freebsd-pf@freebsd.org/msg00421.html
>
>Repeat it on 6.0RC and provide the smallest ruleset that reproduces it
>completely. The order of how translation rules are evaluated with
>routing rules has changed several times, 6.0RC contains the newest code.
>
>Note that translation rules (like NAT) are executed before route-to is,
>i.e. if you let outgoing packets first go out the default interface, any
>NAT rule on that interface is performed, _before_ the packet is then
>re-routed to the non-default interface. Using route-to on the internal
>interface makes this a non-issue, but you met the bug when trying that.
>Assuming that bug is fixed, it will probably be the simplest approach,
>and work.
>
>If you do want to use route-to on the outgoing default interface,
>however, you can try restricting the nat rules to appropriately tagged
>packets, like
>
>  nat on ... from ... to ... tagged TAG -> ...
>
>so they only apply for packets that are not (later) re-routed.
>
>Daniel

RC? Coulda sworn we were only at beta2 publicly..

Brian
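
The tagged-nat approach Daniel describes in the quoted message, written out as an added pf.conf example. It is not from the thread or from either poster, and it has not been checked against the 6.0 code discussed here. Interface names, addresses, ports and tag names are constructed, and it assumes the route-to bug mentioned above does not affect the release in use.

```pf
# Added example, not from the thread. Interface names, addresses and tag
# names are constructed; adjust them to the real dual-feed setup.
int_if  = "em0"            # internal LAN
ext_if1 = "em1"            # uplink 1, holds the default route
ext_if2 = "em2"            # uplink 2, reached only through route-to
gw2     = "198.51.100.1"   # next hop on uplink 2
int_net = "10.0.0.0/24"

# Translation rules are evaluated before filter rules on each interface,
# so the tags tested here must already be on the packet: they are set
# by the "pass in" rules on $int_if further down.
nat on $ext_if1 from $int_net to any tagged VIA_UPLINK1 -> ($ext_if1)
nat on $ext_if2 from $int_net to any tagged VIA_UPLINK2 -> ($ext_if2)

block all

# Classify on the way in. Tags are sticky and a later matching rule
# replaces the earlier tag, so web traffic ends up as VIA_UPLINK2 and
# everything else as VIA_UPLINK1.
pass in on $int_if from $int_net to any tag VIA_UPLINK1 keep state
pass in on $int_if proto tcp from $int_net to any port { 80, 443 } \
    tag VIA_UPLINK2 keep state

# Default path: already translated by the first nat rule.
pass out on $ext_if1 all tagged VIA_UPLINK1 keep state

# Re-routed path: the first nat rule did not match this tag, so the
# packet still carries its internal source address here and is left
# for the nat rule on $ext_if2.
pass out on $ext_if1 route-to ($ext_if2 $gw2) from $int_net to any \
    tagged VIA_UPLINK2 keep state
pass out on $ext_if2 all tagged VIA_UPLINK2 keep state
```

Loading with `pfctl -nf` parses the ruleset without installing it, and `pfctl -s nat` and `pfctl -s state` show which translation each connection actually received.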