pf routing issue?
Daniel Hartmeier
daniel at benzedrine.cx
Fri Mar 4 17:49:30 GMT 2005
On Fri, Mar 04, 2005 at 09:42:02AM -0800, Ben Shelton wrote:
> pass in quick inet proto tcp from any to x.x.x.x keep state
This allows only incoming packets (on any interface). It does not allow
packets to go out through any interface. Even if a packet first comes in
on one interface, and is then routed out through another interface, that
second step is blocked, because the rule does not allow packets to go
out through any interface. What else did you expect the 'in' option in
that rule to do?
If I understand you correctly, you've been trying to connect _from_ the
firewall to another host (getting the 'no route to host' error, which
has a new additional meaning, issued also when pf blocks an outgoing
packet from a local socket), so you should expect outgoing packets on
some interface...
Daniel
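
The point of the reply above, as a pf.conf fragment. This is an added example, not part of the original message or the poster's ruleset: the `block all` default policy is an assumption, and `x.x.x.x` is the poster's own redacted address, which must be replaced with a real one before the ruleset will load.

```conf
# Assumed default policy (not shown in the post): drop anything that no
# later rule explicitly passes.
block all

# Rule quoted in the post. 'in' matches only packets entering an interface.
# A packet that is routed is filtered a second time when it leaves through
# another interface, and this rule does not match there.
pass in quick inet proto tcp from any to x.x.x.x keep state

# Added counterpart. 'out' matches packets leaving an interface, which covers
# both the forwarded packet's second step and connections opened from a
# local socket on the firewall itself (the 'no route to host' case).
pass out quick inet proto tcp from any to x.x.x.x keep state
```

With the `out` rule missing, a blocked outgoing packet can be confirmed by adding `log` to the block rule and watching the pflog0 interface with tcpdump.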