Date: Wed, 07 Mar 2007 04:40:27 -0600 From: Chris <racerx@makeworld.com> To: Ed Schouten <ed@fxq.nl> Cc: freebsd-pf@freebsd.org Subject: Re: Trying to setup DSR load balancing with pf route-to Message-ID: <45EE969B.5080603@makeworld.com> In-Reply-To: <20070307095414.GG75767@hoeg.nl> References: <20070307095414.GG75767@hoeg.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Ed Schouten wrote:
> Hello,
>
> I have the same problem as well. The route-to doesn't seem to be able to
> emit packets at all. I have a setup like this:
>
> -----+----------+----- <- 10.0.0.0/24 - outside
> | |
> +----+---+ +---+----+
> | PF box | | Router |
> +--------+ +---+----+
> |
> ----------------+----- <- 192.168.0.0/24 - inside
>
> I'm able to reproduce this issue with this really simple pf.conf:
>
> | pass in log on xl0 route-to (xl0 10.0.0.7) to 192.168.0.0/24
>
> When packets from the outside to 192.168.0.0/24 arrive at the PF box,
> the above rule will match the packets. `tcpdump -i pflog0 -n -e' will
> match the packets, but they are not routed to the router. They just get
> trashed. dup-to will also only route the packet to the default route.
> This means that routing packets to a specific address is broken right
> now.
>
> Yours,
Shouldn't the diagram look like this - based on your wording. OR,
perhaps what you really mean is that the PF box and router ought to be
reversed?
----------------+----- <- 10.0.0.0/24 - outside
|
+---+----+
| PF box |
+---+----+
|
+---+----+
| Router |
+---+----+
|
----------------+----- <- 192.168.0.0/24 - inside
--
Best regards,
Chris
Nothing is ever so bad that it can't get worse.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45EE969B.5080603>