Date: Mon, 08 Mar 2021 12:36:09 +0100
From: Ludovit Koren <ludovit.koren@gmail.com>
To: Ultima <ultima1252@gmail.com>
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: PF - reply-to
Message-ID: <86y2exubbq.fsf@gmail.com>
In-Reply-To: <CANJ8om5RJBD=EmzRPpD_%2BavrRgpWBNGj9NbXfyUdOKcaL00vgA@mail.gmail.com> (Ultima's message of "Sun, 7 Mar 2021 11:31:23 -0800")
References: <8635x6vli2.fsf@gmail.com> <CANJ8om5RJBD=EmzRPpD_%2BavrRgpWBNGj9NbXfyUdOKcaL00vgA@mail.gmail.com>
>>>>> Ultima <ultima1252@gmail.com> writes:

> Hey Ludovit,
> More details would be helpful. There can be a few reasons why it is not working that I can see.

> 1. Do you have an rdr rule to redirect to $web_addr for the pass rule?

Yes, I have an rdr rule, but there are rules without rdr and it seems they are not working either.

> 2. Rules out of order

I do not understand. I have definitions, nat, rdr, and rules.

> 3. Conflicting rules.

I did not find any.

> The best way to debug this would be logging the rules and watching where the traffic is going via tcpdump.

I did exactly what you suggest. The block rule logged a reset packet from the source of the web traffic. As soon as I changed the default router, everything started to work with the same unchanged pf.conf.

Regards,

lk

> Best regards,
> Richard Gallamore

> On Sun, Mar 7, 2021 at 10:58 AM Ludovit Koren <ludovit.koren@gmail.com> wrote:

> Hi all,

> we have 2 Internet connections coming on the same interface. One is
> primarily used for incoming connections and services that we provide to
> Internet (web, mail). The other connection is primarily used for
> browsing (cache/proxy) and DNS. There are 2 different routers.

> I am using FreeBSD 12.2-STABLE r369178 and PF. The question is which
> router should I set as default router. I suppose, I can use reply-to
> and/or route-to, respectively. If I use (default router $router2):

> pass in on $ext_if reply-to (bge0 $router1) inet proto tcp from any to $web_addr port 443 keep state

> it is not working. The following setup is working (default router $router1):

> pass out on $ext_if route-to (bge0 $router2) inet proto tcp from any to any keep state

> Is it a bug or do I not understand the manual page correctly?

> Thank you very much.

> Regards,

> lk

> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

-- 
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86y2exubbq.fsf>