From owner-freebsd-pf@FreeBSD.ORG Sat Feb 28 10:32:12 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E6EA2106566B for ; Sat, 28 Feb 2009 10:32:12 +0000 (UTC) (envelope-from link@ngc.net.ua) Received: from ex.volia.net (ex.volia.net [82.144.192.10]) by mx1.freebsd.org (Postfix) with ESMTP id A14968FC16 for ; Sat, 28 Feb 2009 10:32:12 +0000 (UTC) (envelope-from link@ngc.net.ua) Received: from em.volia.net ([82.144.192.9]) by ex.volia.net with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1LdLAW-000LfZ-5b; Sat, 28 Feb 2009 11:07:36 +0200 Received: from mannerly.silver.volia.net ([93.72.28.237] helo=[192.168.2.180]) by em.volia.net with esmtp (Exim 4.63 (FreeBSD)) (envelope-from ) id 1LdLAV-000AgK-V5; Sat, 28 Feb 2009 11:07:36 +0200 Message-ID: <49A8FED7.3000603@ngc.net.ua> Date: Sat, 28 Feb 2009 11:07:35 +0200 From: Zinevich Denis User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: Tom Uffner References: <49A7D547.9040801@ngc.net.ua> <49A811D4.5030900@uffner.com> <49A8177B.9010209@ngc.net.ua> <49A85BD4.7050105@uffner.com> In-Reply-To: <49A85BD4.7050105@uffner.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Volia-Original-IP: 93.72.28.237 Cc: freebsd-pf@freebsd.org Subject: Re: freebsd 7.1 pf route-to connection stall X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Feb 2009 10:32:13 -0000 "pass in on $if_bce0 route-to ($if_bce0 $if_bce0_gw) to any" will not work. But anyway question is not in syntax of rules, because nobody touched it and it was working on 6.3, 7.1-p2, but not on 7.1-p3 Network is quite simple. Server has 2 cards bce0 and bce1 bce0 - 172.20.51.10 bce1 - 172.20.1.130 default gw - 172.20.1.1 networks are /24 As i described before qoal of my rule is to ignore default route when request comes on 172.20.51.10. Without such rule reply will go to 172.20.1.1 and with pf rule it will go out to 172.20.51.1 via bce0. For example similar rule for ipfw: ipfw add 1 fwd 172.20.51.1 from 172.20.51.10 to any May i misunderstood something in your reply... But i was not talking about chipset, I was talking about patch level of freebsd. and such behaviour appears only in 7.1-p3 Tom Uffner пишет: > Link wrote: >> Tom Uffner wrote: > >>> i'm having trouble making sense of that rule. could you explain (or >>> maybe >>> draw a simple diagram) what you are trying to accomplish with it? > >> Seems that i found problem. And I`m going to post it to freebsd bugs. > > you're probably better of staying on freebsd-pf > >> My full configuration is: >> >> if_bce0="bce0" >> if_bce0_gw="172.20.51.1" >> if_bce1="bce1" >> >> scrub in all >> >> pass out on $if_bce1 route-to ($if_bce0 $if_bce0_gw) from $if_bce0 to >> any no state flags any >> >> The sense is: when packet comes in on bce0 server should ignore >> default route ( set on bce1 ) and reply via bce0 using gateway if_bce0_gw > > just guessing (based on very incomplete info) you might want > "pass in on $if_bce0 route-to ($if_bce0 $if_bce0_gw) to any" > > but it seems like there should be a simpler way to do that. > > can you give us a little more info about your net topology? for example, > what IP addresses, if any, are bound to the interfaces? what network(s) > are directly attached? location(s)/address(es) of your router(s)? do you > have any static routes defined? > >> Now i have about 15 hosts with freebsd 7.1 >> Part of them are p2 and part of them p3 >> This problem appears only in p3 > > not sure why the chipset would make a difference. maybe that is a bug. > > tom > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > > >