My problem of pf rule
Travis H.
solinym at gmail.com
Sun Dec 11 03:18:55 PST 2005
> let's put aside the subnet routing env.s the int are in and the routing
> table of host is like this, if the dest IP of packet is in <set0> then
> it's forwarded to em0, if is in <set1> then em1. I turn on NAT on em0.
>
> there are two questions left:
> 1. I wanna employ a flow control for the two fxp int on em0 other than.
> cuz NAT is applying on em0, I can't describe the flow of the two fxp int
> using 'on em0' respectively. I describe them on their source int like this:
>
> pass in on fxp0 inet from <fxp0_ip> to <set0> queue queue0
> pass in on fxp0 inet from <fxp1_ip> to <set1> queue queue1
What's "a flow control"? I don't see why you can't specify "on em0",
even when NAT is in use.
> 2. The host itself may also send data by em0 using the IP of em0, how
> can I describe this flow? Using cbq(default) or whatever?
How about:

    pass out on em0 from (em0) to any

This notation for use with dynamic IPs is described in the FAQ:
http://www.openbsd.org/faq/pf/
--
http://www.lightconsulting.com/~travis/ -><- Knight of the Lambda Calculus
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
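
The following pf.conf fragment is an added example, not part of the original message. It is one way to combine the per-interface queue assignment from the question with the `(em0)` rule from the reply. The bandwidth figures, the `q_self` queue name and the use of `fxp0:network`/`fxp1:network` are assumptions; the thread's `<set0>`/`<set1>` tables are left out.

```pf
# Added example for ALTQ-era pf (the syntax used on FreeBSD at the time of
# this thread). Interface names follow the thread; all numbers are constructed.

ext_if = "em0"

# Queueing is defined on the interface packets leave through.
# q_self is the cbq default queue, so any packet leaving em0 without
# a queue assignment (including the host's own traffic) lands there.
altq on $ext_if cbq bandwidth 100Mb queue { queue0, queue1, q_self }
queue queue0 bandwidth 40% cbq(borrow)
queue queue1 bandwidth 40% cbq(borrow)
queue q_self bandwidth 20% cbq(default)

# NAT rewrites the source address before outbound filter rules on em0
# are evaluated, so every forwarded packet appears there with em0's
# address as its source.
nat on $ext_if from { fxp0:network, fxp1:network } to any -> ($ext_if)

# Assign the queue where the original source is still visible: inbound
# on the internal interfaces. The assignment travels with the packet and
# takes effect when it leaves an interface that defines that queue.
pass in on fxp0 inet from fxp0:network to any keep state queue queue0
pass in on fxp1 inet from fxp1:network to any keep state queue queue1

# Outbound on em0, parentheses make pf track the interface's current
# address. No queue keyword here on purpose: translated packets also
# match this rule, and a queue named here would replace the one
# assigned by the inbound rules above.
pass out on $ext_if inet from ($ext_if) to any keep state
```

After loading, `pfctl -vs queue` shows per-queue packet and byte counters, which confirms whether traffic from each internal interface lands in the intended queue.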