From: Ultima
Date: Sun, 7 Mar 2021 11:31:23 -0800
Subject: Re: PF - reply-to
To: Ludovit Koren
Cc: FreeBSD Mailing List

Hey Ludovit,

More details would be helpful. There can be a few reasons why it is not working that I can see.

1. Do you have an rdr rule to redirect to $web_addr for the pass rule?
2. Rules out of order.
3. Conflicting rules.

The best way to debug this would be logging the rules and watching where the traffic is going via tcpdump.

Best regards,
Richard Gallamore

On Sun, Mar 7, 2021 at 10:58 AM Ludovit Koren wrote:

>
> Hi all,
>
> we have 2 Internet connections coming on the same interface. One is
> primarily used for incoming connections and services that we provide to
> the Internet (web, mail). The other connection is primarily used for
> browsing (cache/proxy) and DNS. There are 2 different routers.
>
> I am using FreeBSD 12.2-STABLE r369178 and PF. The question is which
> router I should set as the default router. I suppose I can use reply-to
> and/or route-to, respectively. If I use (default router $router2):
>
> pass in on $ext_if reply-to (bge0 $router1) inet proto tcp from any to $web_addr port 443 keep state
>
> it is not working. The following setup is working (default router
> $router1):
>
> pass out on $ext_if route-to (bge0 $router2) inet proto tcp from any to any keep state
>
> Is it a bug, or do I not understand the manual page correctly?
>
> Thank you very much.
>
> Regards,
> lk
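
The logging approach suggested in the reply, written out as a pf.conf fragment; this is an added example and not part of the original thread. The addresses are constructed placeholders, and putting the reply-to rule first with "quick" is an assumption about how the rest of the ruleset is ordered.

```conf
# /etc/pf.conf fragment (added example; all addresses are constructed)
ext_if   = "bge0"
router1  = "192.0.2.1"    # assumed: gateway used for inbound services
router2  = "192.0.2.2"    # assumed: default router (browsing, DNS)
web_addr = "192.0.2.10"   # assumed: address the web service listens on
# If an rdr rule rewrites the destination, filter rules see the
# translated address, so $web_addr must be the post-rdr address.

# Log blocked packets so a silently dropped SYN shows up in pflog0.
block log all

# pf applies the LAST matching rule unless a rule is marked "quick".
# "quick" keeps a later, more general pass rule (one without reply-to)
# from taking over this connection. "log" records the state-creating
# packet only; use "log (all)" to record every packet of the connection.
pass in log quick on $ext_if reply-to ($ext_if $router1) inet proto tcp \
    from any to $web_addr port 443 keep state

# General outbound traffic follows the routing table (default $router2).
pass out log on $ext_if inet proto tcp from any to any keep state

# Debugging steps (run as root; pflog_enable="YES" must be set in rc.conf):
#
#   pfctl -nf /etc/pf.conf        # syntax check only, nothing is loaded
#   pfctl -f  /etc/pf.conf        # load the ruleset
#   pfctl -vvsr                   # rule numbers with match counters
#   pfctl -vvss                   # states, including the rule that made them
#
#   # Which rule number did the inbound SYN match?
#   tcpdump -n -e -ttt -i pflog0 host 192.0.2.10 and tcp port 443
#
#   # Which router do the replies leave through? With -e the destination
#   # MAC address on each reply identifies the next hop.
#   tcpdump -n -e -i bge0 src host 192.0.2.10 and tcp src port 443
```

If the rule number shown on pflog0 is not the reply-to rule, the cause is rule order or a conflicting rule; if it is the reply-to rule but the replies carry the MAC address of $router2, the state is not steering them as intended.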