Date: Tue, 26 Jan 2010 12:07:16 +0100
From: "Frank Behrens" <frank@jasmin.behrens.de>
To: freebsd-pf@freebsd.org
Subject: Re: Routing router-originating traffic via route-to rules
Message-ID: <201001261107.o0QB7Gbq034146@post.behrens.de>
In-Reply-To: <4B5EBDAC.2030605@gmail.com>

Stefan <stefanferreira@gmail.com> wrote on 26 Jan 2010 12:02:
> I've googled this one to bits and pulled out quite a lot of hair:
> Basically I need a way to route, using "route-to" filter rules, the
> traffic originating on the freebsd router itself. The problem with doing
> this is that pf only sees the packets on their way out, when an outbound
> interface has already been chosen by the routing tables. Therefore pf's
> route-to rules have no effect on locally originating traffic.

I always had some trouble with this approach. I used rules like

  nat inet from any to xxx port yyy tag IF2 -> $myaddr
  pass out quick on $iface from $myaddr to any tag IF2
  pass out quick on $defaultinterface route-to ($iface $hisaddr) tagged IF2

Now I'm using an associated FIB (setfib(8)) for desired processes and it
works very well without any trouble. Routed traffic is also assigned to
the fib with pf's "rtable" option.

Frank

-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
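
The FIB approach mentioned in the reply above, sketched as an added example; it is not from the original message or from the poster's configuration. Interface names, addresses and the choice of FIB 1 are assumptions, and the commands in the comments are run as root outside pf.conf.

```pf
# Constructed example: every name, address and FIB number here is assumed.
#
# Prerequisites outside pf.conf (FreeBSD, as root):
#   - a kernel with a second routing table (options ROUTETABLES=2;
#     newer releases also accept net.fibs=2 in /boot/loader.conf)
#   - give FIB 1 its own default route via the second uplink:
#       setfib 1 route add default 198.51.100.1
#   - start the processes whose traffic should use that uplink in FIB 1:
#       setfib 1 /usr/local/sbin/exampled      # hypothetical daemon
#     Locally originated packets are then routed by FIB 1 before pf ever
#     sees them, so no route-to rule on the outbound side is required.

int_if   = "em0"                # LAN interface (assumed)
ext2_if  = "em2"                # second uplink (assumed)
lan_net  = "192.168.10.0/24"    # internal network (assumed)
via_fib1 = "203.0.113.0/24"     # destinations to send through FIB 1 (assumed)

# Translate LAN sources when they leave through the second uplink.
nat on $ext2_if inet from $lan_net to any -> ($ext2_if)

# Forwarded traffic: rtable is only effective on inbound rules, because the
# routing lookup has not happened yet at that point. Matching packets are
# routed with FIB 1 instead of the default table.
pass in quick on $int_if inet from $lan_net to $via_fib1 rtable 1

# Everything else from the LAN keeps using the default routing table.
pass in on $int_if inet from $lan_net to any

# Let the routed and the locally generated FIB 1 traffic out.
pass out on $ext2_if inet from any to any
```

Running `setfib 1 netstat -rn` shows the routes that processes and `rtable 1` matches will use.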
