route-to not working

Wesley wcglist at gmail.com
Wed Mar 19 13:36:32 UTC 2008


Dear people,

I have 2 links on a box, and I don't want to load balance them, but only to
reply to requests on the same interface that they come in on.

I tried to use route-to, but it does not seem to work.

Could you please give me some help?

This is my configuration:

set skip on lo0
scrub on xl0 reassemble tcp no-df random-id
scrub on xl1 reassemble tcp no-df random-id
scrub on dc0 reassemble tcp no-df random-id
nat on xl0 from 172.16.0.0/24 to any -> (xl0) static-port
rdr on dc0 inet proto tcp to port 80 -> 127.0.0.1 port 3128 round-robin sticky-address
antispoof quick for {xl0,dc0,xl1}
block proto tcp from 172.16.0.0/24 to any port 3128
# Internal Traffic
pass in quick on dc0 from any to any
pass out quick on dc0 from any to any
# Outgoing
pass out on xl0 proto tcp all flags S/SA modulate state
pass out on xl0 proto { udp, icmp } all keep state
pass out on xl1 proto tcp all flags S/SA modulate state
pass out on xl1 proto { udp, icmp } all keep state
# Pass basic services
pass in quick on xl1 proto tcp from any to any port { 22, 21, 1194 } keep state
pass in quick on xl0 proto tcp from any to any port { 22, 21, 1194 } keep state
pass in on xl0 proto udp from any to any port 53
pass in on xl1 proto udp from any to any port 53
# Pass VPN
pass in quick on xl1 proto udp from any to port 1194 keep state
pass quick on tun0
# Source nat route
pass out log on xl0 route-to ( xl1 200.232.164.1 ) from xl1 to any
pass out on xl1 route-to ( xl0 201.83.16.1 ) from xl0 to any
# Close
block return-rst in log quick on xl0 inet proto tcp from any to any
block return-rst in log quick on xl1 inet proto tcp from any to any
block return-icmp in log quick on xl0 proto udp from any to any
block return-icmp in log quick on xl1 proto udp from any to any
block in quick on xl0 all
block in quick on xl1 all

Best Regards,

Wesley Gentine
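
The goal stated in the message (answer each request on the link it arrived on) is what pf's `reply-to` option on inbound stateful rules is for: replies to an established connection match the state entry and are not re-evaluated against the `pass out ... route-to` rules. The fragment below is an added example, not part of the original post or a tested replacement for the poster's ruleset; it reuses the interface names and gateway addresses from the post, and the macro names are chosen here for illustration.

```conf
# Added example (not the poster's configuration).
# Macro names are illustrative; interfaces and gateways are the ones in the post.
ext_if1 = "xl0"
ext_gw1 = "201.83.16.1"
ext_if2 = "xl1"
ext_gw2 = "200.232.164.1"

# Inbound services: reply-to is recorded in the state created by the rule,
# so replies leave through the arrival interface and its gateway instead of
# following the default route.
pass in quick on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp \
    from any to any port { 22, 21, 1194 } keep state
pass in quick on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp \
    from any to any port { 22, 21, 1194 } keep state

# VPN over UDP on the second link, same treatment.
pass in quick on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto udp \
    from any to any port 1194 keep state

# Locally originated packets that carry the other link's source address:
# route-to on outbound rules moves them to the matching link.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
```

`pfctl -nf /etc/pf.conf` parses a ruleset without loading it, which catches syntax errors before the rules go live.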

