From owner-freebsd-pf@FreeBSD.ORG Wed Mar 7 10:25:34 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CAE8116A401 for ; Wed, 7 Mar 2007 10:25:34 +0000 (UTC) (envelope-from F.Haarman@giessen.nl) Received: from mail02.net.giessen.nl (mail.giessen.nl [213.53.114.21]) by mx1.freebsd.org (Postfix) with SMTP id 3855C13C467 for ; Wed, 7 Mar 2007 10:25:34 +0000 (UTC) (envelope-from F.Haarman@giessen.nl) Received: (qmail 63178 invoked from network); 7 Mar 2007 12:03:24 -0000 Received: from unknown (HELO dg-exch1.giessen.nl) (172.16.10.11) by 0 with SMTP; 7 Mar 2007 12:03:24 -0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Importance: normal Priority: normal Date: Wed, 7 Mar 2007 11:25:30 +0100 Message-ID: <2DC959620A73E842969792F5B47FCA01037D436B@dg-exch1.giessen.nl> In-Reply-To: <20070307095414.GG75767@hoeg.nl> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Trying to setup DSR load balancing with pf route-to Thread-Index: Acdgorn0lo0GvSbGQ/ihiV2NhXpeCgAACURw From: "Frans Haarman" To: "Ed Schouten" , Cc: Subject: RE: Trying to setup DSR load balancing with pf route-to X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2007 10:25:34 -0000 This rule works fine: echo "pass in quick log on bge0 route-to $TUNDEV tagged $TUNDEV keep state" Perhaps you forgot the keep state ? Frans Haarman De Giessen Automatisering B.V. Technische Dienst Telefoon : (0184) 67 53 75 Fax : (0184) 61 12 46 E-mail : servicedesk@giessen.nl Website : www.giessen.nl Algemeen Tel : (0184) 67 54 00 d u i d e l i j k e t a a l ! -----Oorspronkelijk bericht----- Van: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] Namens Ed Schouten Verzonden: woensdag 7 maart 2007 10:54 Aan: freebsd-pf@freebsd.org; chip@2bithacker.net Onderwerp: Re: Trying to setup DSR load balancing with pf route-to Hello, I have the same problem as well. The route-to doesn't seem to be able to emit packets at all. I have a setup like this: -----+----------+----- <- 10.0.0.0/24 - outside | | +----+---+ +---+----+ | PF box | | Router | +--------+ +---+----+ | ----------------+----- <- 192.168.0.0/24 - inside I'm able to reproduce this issue with this really simple pf.conf: | pass in log on xl0 route-to (xl0 10.0.0.7) to 192.168.0.0/24 When packets from the outside to 192.168.0.0/24 arrive at the PF box, the above rule will match the packets. `tcpdump -i pflog0 -n -e' will match the packets, but they are not routed to the router. They just get trashed. dup-to will also only route the packet to the default route. This means that routing packets to a specific address is broken right now. Yours, -- Ed Schouten WWW: http://g-rave.nl/