Date: Sat, 10 Dec 2005 12:10:45 +0800
From: yayj <yayjsir@gmail.com>
To: freebsd-pf@FreeBSD.org
Subject: My problem of pf rule
Message-ID: <439A5545.1090308@gmail.com>

Hi guys:

I'm puzzled with pf rules when NAT is used. The interfaces of my host look like this:

       em0     em1
        |       |
      -------------
      |  FreeBSD  |
      -------------
        |       |
       fxp0    fxp1

Let's put aside the subnet routing env.s the int are in. The routing table of the host is like this: if the dest IP of a packet is in <set0> then it's forwarded to em0, if it is in <set1> then em1. I turn on NAT on em0.

There are two questions left:

1. I wanna employ a flow control for the two fxp int on em0 other than. Cuz NAT is applying on em0, I can't describe the flow of the two fxp int using 'on em0' respectively. I describe them on their source int like this:

    pass in on fxp0 inet from <fxp0_ip> to <set0> queue queue0
    pass in on fxp0 inet from <fxp1_ip> to <set1> queue queue1

The downside of this approach is I need to change the routing table and the rules for pf simultaneously. How to separate them from each other? Is a script the only way to modify the routing table & rules all together?

2. The host itself may also send data by em0 using the IP of em0, how can I describe this flow? Using cbq(default) or whatever?