Fwd: Fwd: Dual-feed: PF setup troubles

Brian bri at sonicboom.org
Wed Aug 17 21:19:24 GMT 2005


Daniel Hartmeier wrote:

>On Mon, Aug 15, 2005 at 08:06:03PM +0400, Sergey Lapin wrote:
>
>>And as for other bugs - return to wrong place and NAT from wrong interface?
>>#2 is serious
>>http://www.mail-archive.com/freebsd-pf@freebsd.org/msg00421.html
>
>Repeat it on 6.0RC and provide the smallest ruleset that reproduces it
>completely. The order of how translation rules are evaluated with
>routing rules has changed several times, 6.0RC contains the newest code.
>
>Note that translation rules (like NAT) are executed before route-to is,
>i.e. if you let outgoing packets first go out the default interface, any
>NAT rule on that interface is performed, _before_ the packet is then
>re-routed to the non-default interface. Using route-to on the internal
>interface makes this a non-issue, but you met the bug when trying that.
>Assuming that bug is fixed, it will probably be the simplest approach,
>and work.
>
>If you do want to use route-to on the outgoing default interface,
>however, you can try restricting the nat rules to appropriately tagged
>packets, like
>
>  nat on ... from ... to ... tagged TAG -> ...
>
>so they only apply for packets that are not (later) re-routed.
>
>Daniel
>
RC?  Coulda sworn we were only at beta2 publicly..

Brian
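
The tagged-NAT arrangement from the quoted advice, written out as a pf.conf fragment. This is an added example, not a ruleset posted by anyone in the thread; the interface names, addresses and the tag names VIA_IF1/VIA_IF2 are constructed placeholders, and it assumes the tags are assigned by pass rules on the internal interface. Only the translation and routing rules are shown.

```conf
# Added example; every macro value below is a constructed placeholder.
int_if    = "fxp0"
ext_if1   = "em0"                  # uplink that holds the default route
ext_if2   = "em1"                  # second uplink
gw2       = "198.51.100.1"         # next hop on ext_if2
lan_net   = "192.168.0.0/24"
alt_hosts = "192.168.0.128/25"     # LAN hosts that should leave via ext_if2

# Translation rules are evaluated before route-to, so each nat rule is
# limited to packets tagged for the interface they will finally leave on.
nat on $ext_if1 from $lan_net to any tagged VIA_IF1 -> ($ext_if1)
nat on $ext_if2 from $lan_net to any tagged VIA_IF2 -> ($ext_if2)

# Tag on the way in. The last matching rule wins, so alt_hosts end up
# with VIA_IF2 and everything else in the LAN with VIA_IF1.
pass in on $int_if from $lan_net   to any tag VIA_IF1 keep state
pass in on $int_if from $alt_hosts to any tag VIA_IF2 keep state

# VIA_IF1 traffic leaves on the default interface, already translated.
pass out on $ext_if1 tagged VIA_IF1 keep state

# VIA_IF2 traffic arrives at ext_if1 via the default route with its
# source address untranslated (no nat rule on ext_if1 matched it) and
# is re-routed to the second uplink here.
pass out on $ext_if1 route-to ($ext_if2 $gw2) tagged VIA_IF2 keep state

# The re-routed packet is filtered again on ext_if2, where the second
# nat rule translates it to that interface's address.
pass out on $ext_if2 tagged VIA_IF2 keep state
```

After loading, `pfctl -s nat` and `pfctl -s state` show whether each connection was translated to the address of the interface it actually left on.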

