PF and redirects to different FIB's

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Steven Burrell <winglessza_at_gmail.com>
Date: Wed, 23 Feb 2022 12:06:30 UTC

Hi There,



I’ve been sitting on a problem for a while now and have tried various
options to now avail. As an Example, I have 3 FIB’s, with overlapping ip’s.



FIB 0

FIB 1

FIB 2



I’m trying to redirect received TACACS traffic ( tcp 49 ) from FIB 1 and 2
through to another Server located within FIB 0, and have return traffic
still return to the correct FIB and destination.



Ie.



Server 1:



Interface : 1

   - Belongs to FIB 0
   - 10.0.0.1



Interface : 2

   - Belongs to FIB 1
   - 192.168.0.1



Interface : 3

   - Belongs to FIB 2
   - 192.168.0.1





Server 2:



Interface : 1

   - On same network as Server 1.
   - 10.0.0.2
   - Gateway is set to 10.0.0.1
   - Runs a TACACS Server



Now I need PF to redirect in the inbound traffic on interface 2 and 3 for
port 49 tcp through to server 2 in FIB 0.

I’ve been able to get the traffic to get to Server 2, and the reply gets to
Server 1 in FIB 0, but there is no transition back to the original FIB.



I used this : rdr pass inet proto tcp from any to any port 49 rtable 0 ->
10.200.0.13 port 49



In OpenBSD I was able to achieve all of this effortlessly with:



*pass in quick on any proto tcp to any port {49} rdr-to 10.200.0.12 rtable
0*



Any suggestions or advise would be welcome.


[image: image.png]




Thanks.