kern/110174: pf pass route-to does not assign correct IP for the packets created on the same pf-host
t at dim.kiev.ua
Sun Mar 11 01:40:06 UTC 2007
>Synopsis: pf pass route-to does not assign correct IP for the packets created on the same pf-host
>Arrival-Date: Sun Mar 11 01:40:05 GMT 2007
>Originator: Dmitro Tarasyuk
FreeBSD ndiasb.kiev.ua 6.2-STABLE FreeBSD 6.2-STABLE #2: Tue Feb 20 16:08:32 EET 2007 su at ndiasb.kiev.ua:/usr/src/sys/i386/compile/NDIASB i386
FreeBSD was installed as a NAT server and transparent Squid proxy server for the local network, with 3 interfaces: one for the LAN, and $if1 and $if2 for ISP1 and ISP2.
The default route is assigned to $if1_gw.
The rules in pf.conf below are supposed to provide traffic splitting through the table "xnets".
table <xnets> persist
# destinations in <xnets>: ordinary routing, i.e. the default route on $if1
pass out quick log on $if1 fastroute inet from $if1 to <xnets> keep state
# everything else: forced out through $if2 via the ISP2 gateway
pass out quick log on $if1 route-to ( $if2 $if2_gw ) inet from $if1 to ! <xnets> keep state
It means I want to route packets _created_on_the_same_server_ where pf runs through the $if2 interface if the destination IP does not belong to the table "xnets". Otherwise they have to be routed the standard way and must go through $if1 as the default.
If a packet is created on the local server without an assigned source IP address (a widespread case), the system has to assign the source IP according to the routing table. When this packet matches the route-to rule above, pf obviously has to change the source IP to the IP of $if2, not $if1. But tcpdump shows that it is wrong. I think this is a bug.
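One way to obtain the source address the report expects, added here as an example and not part of the report: pair the route-to rule with a nat rule on $if2, since route-to only selects the outgoing interface and next hop and does not rewrite the source address of a locally generated packet. The interface names, the ISP2 gateway address and the table file are assumed values, and the rule order follows the pf.conf requirement that translation rules precede filter rules.

```pf
# Macros: assumed values, not from the report
if1    = "em0"                 # ISP1, carries the default route
if2    = "em1"                 # ISP2
if2_gw = "203.0.113.1"         # ISP2 next hop (constructed, documentation range)

# Destinations that must keep using the default route on $if1
table <xnets> persist file "/etc/pf.xnets"   # assumed path

# Translation: a packet that pf forces out via $if2 still carries the $if1
# source address picked from the routing table; rewrite it to the $if2
# address so ISP2 accepts it and the replies come back over $if2.
nat on $if2 inet from $if1 to ! <xnets> -> ($if2)

# Filtering: unchanged policy from the report
pass out quick log on $if1 fastroute inet from $if1 to <xnets> keep state
pass out quick log on $if1 route-to ( $if2 $if2_gw ) inet from $if1 to ! <xnets> keep state
```

After loading the ruleset (pfctl -f /etc/pf.conf), a connection from the host to an address outside <xnets> should show the $if2 address as source in tcpdump -ni $if2, which is the check that distinguishes a missing translation rule from a routing problem.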