Fwd: Fwd: Dual-feed: PF setup troubles
bri at sonicboom.org
Wed Aug 17 21:19:24 GMT 2005
Daniel Hartmeier wrote:
>On Mon, Aug 15, 2005 at 08:06:03PM +0400, Sergey Lapin wrote:
>>And as for other bugs - return to wrong place and NAT from wrong interface?
>>#2 is serious
>Repeat it on 6.0RC and provide the smallest ruleset that reproduces it
>completely. The order of how translation rules are evaluated with
>routing rules has changed several times, 6.0RC contains the newest code.
>Note that translation rules (like NAT) are executed before route-to is,
>i.e. if you let outgoing packets first go out the default interface, any
>NAT rule on that interface is performed, _before_ the packet is then
>re-routed to the non-default interface. Using route-to on the internal
>interface makes this a non-issue, but you met the bug when trying that.
>Assuming that bug is fixed, it will probably be the simplest approach,
>If you do want to use route-to on the outgoing default interface,
>however, you can try restricting the nat rules to appropriately tagged
> nat on ... from ... to ... tagged TAG -> ...
>so they only apply for packets that are not (later) re-routed.
RC? Coulda sworn we were only at beta2 publicly..
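
The tagged-NAT arrangement described in the quoted message, written out as a pf.conf fragment. This is an added example, not part of the thread; the interface names, addresses and the tag names VIA_ISP1/VIA_ISP2 are assumptions.

```conf
# Added example (not from the thread). All names and addresses are assumed.
int_if   = "fxp0"              # internal interface
ext_if1  = "fxp1"              # uplink holding the default route
ext_if2  = "fxp2"              # second, non-default uplink
ext_gw2  = "198.51.100.1"      # gateway on the second uplink (documentation range)
lan_net  = "192.168.1.0/24"
via2_net = "192.168.1.128/25"  # hosts that should leave through ext_if2

# Translation rules are evaluated before route-to. Restricting each nat rule
# to its own tag keeps a packet that first shows up on ext_if1, but will be
# re-routed, from being translated to ext_if1's address.
nat on $ext_if1 from $lan_net to any tagged VIA_ISP1 -> ($ext_if1)
nat on $ext_if2 from $lan_net to any tagged VIA_ISP2 -> ($ext_if2)

# Tag on the internal interface, where the uplink choice is known.
# "quick" stops evaluation at the first match, so each packet gets one tag.
pass in quick on $int_if from $via2_net to any tag VIA_ISP2 keep state
pass in quick on $int_if from $lan_net  to any tag VIA_ISP1 keep state

# Outgoing default interface: pass ISP1 traffic, re-route ISP2 traffic.
pass out on $ext_if1 tagged VIA_ISP1 keep state
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) tagged VIA_ISP2 keep state

# Assumption: the re-routed packet is evaluated again on ext_if2, where the
# second nat rule matches. The quoted message notes this ordering has changed
# between versions, so verify it on the release in use.
pass out on $ext_if2 tagged VIA_ISP2 keep state
```

The rules can be syntax-checked without loading them using `pfctl -nf` on the file, and `pfctl -ss` shows which source address each state was translated to.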