From owner-freebsd-pf@FreeBSD.ORG Fri Feb 27 21:32:33 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8870710656CB for ; Fri, 27 Feb 2009 21:32:33 +0000 (UTC) (envelope-from tom@uffner.com) Received: from eris.uffner.com (eris.uffner.com [207.245.121.212]) by mx1.freebsd.org (Postfix) with ESMTP id 44E438FC08 for ; Fri, 27 Feb 2009 21:32:32 +0000 (UTC) (envelope-from tom@uffner.com) Received: from xiombarg.uffner.com (static-71-162-143-94.phlapa.fios.verizon.net [71.162.143.94]) (authenticated bits=0) by eris.uffner.com (8.14.3/8.14.3) with ESMTP id n1RLW4ZP006917 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 27 Feb 2009 16:32:32 -0500 (EST) (envelope-from tom@uffner.com) Message-ID: <49A85BD4.7050105@uffner.com> Date: Fri, 27 Feb 2009 16:32:04 -0500 From: Tom Uffner User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.19) Gecko/20090125 SeaMonkey/1.1.14 MIME-Version: 1.0 To: Link References: <49A7D547.9040801@ngc.net.ua> <49A811D4.5030900@uffner.com> <49A8177B.9010209@ngc.net.ua> In-Reply-To: <49A8177B.9010209@ngc.net.ua> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.94.2/9054/Fri Feb 27 04:02:52 2009 on eris.uffner.com X-Virus-Status: Clean Cc: freebsd-pf@freebsd.org Subject: Re: freebsd 7.1 pf route-to connection stall X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2009 21:32:34 -0000 Link wrote: > Tom Uffner wrote: >> i'm having trouble making sense of that rule. could you explain (or maybe >> draw a simple diagram) what you are trying to accomplish with it? > Seems that i found problem. And I`m going to post it to freebsd bugs. you're probably better of staying on freebsd-pf > My full configuration is: > > if_bce0="bce0" > if_bce0_gw="172.20.51.1" > if_bce1="bce1" > > scrub in all > > pass out on $if_bce1 route-to ($if_bce0 $if_bce0_gw) from $if_bce0 to > any no state flags any > > The sense is: when packet comes in on bce0 server should ignore default > route ( set on bce1 ) and reply via bce0 using gateway if_bce0_gw just guessing (based on very incomplete info) you might want "pass in on $if_bce0 route-to ($if_bce0 $if_bce0_gw) to any" but it seems like there should be a simpler way to do that. can you give us a little more info about your net topology? for example, what IP addresses, if any, are bound to the interfaces? what network(s) are directly attached? location(s)/address(es) of your router(s)? do you have any static routes defined? > Now i have about 15 hosts with freebsd 7.1 > Part of them are p2 and part of them p3 > This problem appears only in p3 not sure why the chipset would make a difference. maybe that is a bug. tom