From: Alexandr Krivulya
Date: Wed, 28 Nov 2012 12:20:15 +0200
To: freebsd-pf@freebsd.org
Subject: Re: Problem with route-to option

25.11.2012 14:20, Shaymardanov Rushan wrote:
> Hello. I have a problem using pf in FreeBSD 9.0.
> I'm using a FreeBSD box as a gateway and I have 2 ISPs. I'd like to route some
> clients via the second provider and I'm using pf's route-to function for it:
>
> ( ... )
> nat on ng0 inet from 172.18.100.254 to any -> xx.xx.xx.157
> (...)
> pass in route-to (ng0 10.0.0.1) inet from 172.18.100.254 to any tag SUBS
> (...)
>
> Packets are routed correctly (via ng0), and nat works well, but the IP checksum
> is bad and I don't receive any response:
>
> gw# tcpdump -i ng0 -s 0 -v -n icmp
> tcpdump: listening on ng0, link-type NULL (BSD loopback), capture size
> 65535 bytes
> 18:11:54.456027 IP (tos 0x0, ttl 128, id 218, offset 0, flags [none], proto
> ICMP (1), length 60, bad cksum 9390 (->9093)!)
>     xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 171, length 40
> 18:11:59.480968 IP (tos 0x0, ttl 128, id 219, offset 0, flags [none], proto
> ICMP (1), length 60, bad cksum 9290 (->9092)!)
>     xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 172, length 40
> 18:12:04.506907 IP (tos 0x0, ttl 128, id 220, offset 0, flags [none], proto
> ICMP (1), length 60, bad cksum 9190 (->9091)!)
>     xx.xx.xx.157 > 8.8.8.8: ICMP echo request, id 3993, seq 173, length 40
>
> Without route-to (if for example I change the routing table for a particular
> destination address), checksums are good and traffic passes correctly.
>
>
> Rushan Shaymardanov
>

Hello!

I have exactly the same issue with pf-nat and outgoing traffic from
ng-interfaces. With ipfw nat there is no problem. The problem exists on 9.0,
9.1-RC3 and stable.
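
Added example, not part of either poster's message: in the quoted capture each `bad cksum` value is the expected value with its two bytes swapped (9390 against 9093, and so on). The Python below parses those lines to check that, then uses a constructed IPv4 header with documentation addresses to show that a byte-swapped checksum fails RFC 1071 verification; `classify`, `sample_header` and the addresses are illustrative assumptions.

```python
import re
import struct

# tcpdump lines from the capture quoted in the thread (mail wrapping undone).
CAPTURE = """\
18:11:54.456027 IP (tos 0x0, ttl 128, id 218, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 9390 (->9093)!)
18:11:59.480968 IP (tos 0x0, ttl 128, id 219, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 9290 (->9092)!)
18:12:04.506907 IP (tos 0x0, ttl 128, id 220, offset 0, flags [none], proto ICMP (1), length 60, bad cksum 9190 (->9091)!)
"""

BAD_CKSUM = re.compile(r"id (\d+),.*?bad cksum ([0-9a-f]{1,4}) \(->([0-9a-f]{1,4})\)!")

def swap16(value):
    """Swap the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)

def classify(capture):
    """Return (ip_id, seen, expected, verdict) for each bad-checksum line."""
    results = []
    for line in capture.splitlines():
        m = BAD_CKSUM.search(line)
        if m is None:
            continue
        seen, expected = int(m.group(2), 16), int(m.group(3), 16)
        verdict = "byte-swapped" if swap16(seen) == expected else "other"
        results.append((int(m.group(1)), seen, expected, verdict))
    return results

def ipv4_checksum(header):
    """RFC 1071 checksum. With the checksum field zeroed this is the value
    to store; over a header that already carries a correct checksum it is 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_header(cksum=0):
    """Constructed 20-byte header (documentation addresses, not the poster's)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 218, 0, 128, 1, cksum,
                       bytes([192, 0, 2, 157]), bytes([198, 51, 100, 8]))

if __name__ == "__main__":
    for row in classify(CAPTURE):
        print("id %d: on wire %04x, expected %04x, %s" % row)
    good = ipv4_checksum(sample_header())
    print("valid:", ipv4_checksum(sample_header(good)) == 0)
    print("swapped valid:", ipv4_checksum(sample_header(swap16(good))) == 0)
```
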