From: "Vlad GALU"
To: freebsd-pf@freebsd.org
Date: Sat, 25 Feb 2006 02:48:21 +0200
Subject: reply-to doesn't seem to work
Message-ID: <79722fad0602241648y24a4d578h23d2ea536d634210@mail.gmail.com>

I have a machine with two interfaces. On one of them there is a webserver listening for client connections. The machine's default route is through the other interface.
Let's assume the interfaces are called if1, if2 and that the webserver is listening on if2. I have a rule like this:

    pass in quick on $if2 reply-to ($if2 $if2gw) inet proto tcp from any to ($if2) port = 80 flags S/SA keep state

The replies should leave the box through if2, right? Well, they don't. I had to add a rule like this:

    pass out quick on $if1 route-to ($if2 $if2gw) inet from ($if2) to any

I can see the reply-to rule creating states, and yet it doesn't work as advertised. Ideas, anybody?

--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.