reply-to doesn't seem to work

Vlad GALU vladgalu at gmail.com
Fri Feb 24 16:48:23 PST 2006


   I have a machine with two interfaces. On one of them there is a
webserver listening for client connections. The machine's default
route is through the other interface.
   Let's assume the interfaces are called if1, if2 and that the
webserver is listening on if2.
   I have a rule like this:
    pass in quick on $if2 reply-to ($if2 $if2gw) inet proto tcp from any to ($if2) port = 80 flags S/SA keep state
  The replies should leave the box through if2, right? Well, they
don't. I had to add a rule like this:
   pass out quick on $if1 route-to ($if2 $if2gw) inet from ($if2) to any

   I can see the reply-to rule creating states, and yet it doesn't
work as advertised. Ideas, anybody?


--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

