From: yayj
Date: Sat, 10 Dec 2005 12:10:45 +0800
To: freebsd-pf@FreeBSD.org
Subject: My problem of pf rule
Message-ID: <439A5545.1090308@gmail.com>

Hi guys:

I'm puzzled with pf rule when NAT is used.
The interfaces of my host look like this:

      em0      em1
       |        |
     -------------
     |  FreeBSD  |
     -------------
       |        |
      fxp0     fxp1

Let's put aside the subnet routing env.s the int are in and the routing table of host is like this, if the dest IP of packet is in then it's forwarded to em0, if is in then em1. I turn on NAT on em0. There are two questions left:

1. I wanna employ a flow control for the two fxp int on em0 other than. cuz NAT is applying on em0, I can't describe the flow of the two fxp int using 'on em0' respectively. I describe them on their source int like this:

    pass in on fxp0 inet from to queue queue0
    pass in on fxp0 inet from to queue queue1

The downside of this approach is I need to change the routing table and the rules for pf simultaneously. How to separate them from each other? Is a script the only way to modify the routing table & rules all together?

2. The host itself may also send data by em0 using the IP of em0, how can I describe this flow? Using cbq(default) or whatever?