Date: Fri, 16 Nov 2012 09:40:28 -0500
From: Peter McAlpine <peter@aoeu.ca>
To: freebsd-pf@freebsd.org
Subject: Routing return NAT traffic based on interface
Message-ID: <CAEDV4ypAo21-4KYws0LTxC+XSNNtSmWvMpvFGro6BqNH2z==Wg@mail.gmail.com>
Hello,

I am having trouble with routing via pf and would appreciate any help that can be provided.

My router has a tunnel interface, and an external (internet) interface. I'd like to NAT any traffic that arrives on the tunnel out to the internet via the external interface. Any traffic that arrives on the external interface that is not specifically for the external interface's address should be sent down the tunnel.

Here's my config:

    data_if = "tap3"
    ext_if = "em0"

    set skip on lo0

    nat on $ext_if from !$ext_if:network to any -> ($ext_if)

    pass in on $ext_if route-to $data_if from any to !$ext_if:network

My motivation is that I am completely unaware of the networks that exist beyond the tunnel and want to be able to add additional interfaces with RFC1918 addresses to my router without worrying about whether my IP is colliding with the IPs past the tunnel. Further, I want the traffic that arrives on the tunnel to remain in its original state until it leaves on the external interface.

The issue I'm having is that the 'pass' rule is not being matched (or even evaluated?). My default gateway on the router is the ext_if and return traffic is being reverse-translated and then the routing table is sending it back out ext_if instead of down data_if where I want it to go.

I have also tried rebuilding my kernel and using different routing tables but I can't get any pass rule to be evaluated for returning NAT traffic.

Thanks in advance for any help you can provide.

-Peter
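The behaviour described in the post follows from how pf handles state: a packet that matches an existing state entry is handled by that state and never reaches the ruleset, so a "pass in on $ext_if" rule is not consulted for the replies of connections whose state was created on the tunnel leg. The place to steer those replies is the rule that creates the state, using "reply-to", which records the return interface and next hop in the state itself and overrides the routing table for the reply direction. The following pf.conf is an added example written for this thread, not the poster's configuration; it keeps the poster's interface names and assumes a tunnel peer address ($tun_peer), which is needed because tap3 is an Ethernet-type interface and pf must be able to ARP for a next hop (on a point-to-point tun interface the address could be omitted).

```pfconf
data_if  = "tap3"
ext_if   = "em0"
# Assumed: the far end of the tunnel. Not from the original post.
tun_peer = "10.255.0.2"

set skip on lo0

# Outbound translation for anything not already sourced from the external network.
nat on $ext_if from !$ext_if:network to any -> ($ext_if)

# State is created on the tunnel leg. reply-to is stored in that state, so the
# reverse-translated replies are sent back out tap3 instead of following the
# default route out em0.
pass in on $data_if reply-to ($data_if $tun_peer) from any to !$ext_if:network keep state
pass out on $ext_if keep state

# New connections arriving on em0 for anything other than the external network
# are forwarded down the tunnel. This rule only sees first packets of new
# connections, never the replies of states created above.
pass in on $ext_if route-to ($data_if $tun_peer) from any to !$ext_if:network keep state
```

To confirm which rules are actually being evaluated, "pfctl -vsr" prints per-rule Evaluations and Packets counters, and "pfctl -ss" lists the states; a state created by the tap3 rule should show up with its reply-to route, and the em0 rule's evaluation counter should stay at zero for return traffic, which is the expected outcome rather than a failure. Note that nat rules still have to precede filter rules in this pf.conf syntax, as in the original configuration.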