Date: Fri, 27 Aug 2010 23:19:24 +0300
From: Nikos Vassiliadis <nvass9573@gmx.com>
To: Doug Hardie <bc979@lafn.org>
Cc: Patrick Lamaiziere <patfbsd@davenulle.org>, freebsd-questions@freebsd.org
Subject: Re: Routing Question
Message-ID: <4C781DCC.3020503@gmx.com>
In-Reply-To: <2D2B914E-B6FA-43CF-9741-559D74D43B9E@lafn.org>
References: <96E6F9A3-49F5-4C55-8248-6D62717636DF@lafn.org> <20100827140713.41391a3e@davenulle.org> <2D2B914E-B6FA-43CF-9741-559D74D43B9E@lafn.org>

On 8/27/2010 9:09 PM, Doug Hardie wrote:
>
> On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:
>
>> On Thu, 26 Aug 2010 18:17:19 -0700, Doug Hardie <bc979@lafn.org>
>> wrote:
>>
>>> PF's route_to will return the packets to the proper router, but I
>>> have not been able to figure out which ones those would be. The
>>> source IP address can be any on either network and it's highly
>>> likely that we will see packets from the same source network on
>>> both at the same time. The only distinction I see in the input
>>> packets between the two paths is the MAC address of the router.
>>> I don't see any way in pf or the system to use that to affect the
>>> return path though.
>>
>> the filter option "reply-to" looks to be what you need. It works
>> by keeping the state of a connection (see pf.conf(5)).
>
> That works great on the output if you can figure out which packets to
> use it on. The only way I can see to separate the traffic is using
> the router MAC address. I don't find anything in pf that will look
> at that.

Yes, pf cannot use the MAC address to classify a packet.
The most sensible solution would be installing a single router
to handle both lines but I know it's not always feasible to do
so for several reasons.

ipfw can use MAC addresses for classification, perhaps you hack
some rules using fwd, skipto and mac.

Nikos