Date: Wed, 5 Apr 2017 16:26:02 +0300 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: Nils Beyer <nbe@renzel.net> Cc: freebsd-net@freebsd.org Subject: Re: [PF] Symmetric routing enforcement, how-to without using "reply-to"... Message-ID: <20170405132602.GC20974@zxy.spb.ru> References: <4956261.2DO1X0b8Gd@asbach.renzel.net> <20170405113352.GB20974@zxy.spb.ru> <29877.6759453633$1491395346@news.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 05, 2017 at 02:46:06PM +0200, Nils Beyer wrote: > I wrote: > > If I try > > > > ping -S 8.0.0.1 8.8.8.8 > > > > or > > > > ping -S 9.0.0.1 8.8.8.8 > > > > I always see packets only going out on the default gateway's interface. > > sorry, my fault. After issuing a "pfctl -F all", these ICMP packets are > now going through the designated interface. > > The problem by externally induced responses are still there, though... Responses generated stateless, i.e. generated ICMP not "answered" to some packets, this is just ICMP packets destinated to some host and source address selected by routing and interface w/ default gateway.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170405132602.GC20974>