freebsd-pf Digest, Vol 75, Issue 4

bsd-list bsd-list at mail.ru
Sun Feb 26 22:15:37 PST 2006 

Hi Vlad
> 
> Message: 1
> Date: Sat, 25 Feb 2006 02:48:21 +0200
> From: "Vlad GALU" <vladgalu at gmail.com>
> Subject: reply-to doesn't seem to work
> To: freebsd-pf at freebsd.org
> Message-ID:
> 	<79722fad0602241648y24a4d578h23d2ea536d634210 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
>    I have a machine with two interfaces. On one of them there is a
> webserver listening for client connections. The machine's default
> route is through the other interface.
>    Let's assume the interfaces are called if1, if2 and that the
> webserver is listening on if2.
>    I have a rule like this:
>     pass in quick on $if2 reply-to ($if2 $if2gw) inet proto tcp from
> any to ($if2) port = 80 flags S/SA keep state.
>   The replies should leave the box through if2, right ? Well, they
> don't. I had to add a rule like this:
>    pass out quick on $if1 route-to ($if2 $if2gw) inet from ($if2) to any
"pass in quick on $if2 " --> pass incomming packets from your webserver
"pass out quick on $if1" ->pass outgoing packets to defalut path
Think about directions "in/out" that way:
You are inside the box, the incoming packets are these that arrived from
outside to you and the outgoing traffic are the packets that travel from
you to outside
>    I can see the reply-to rule creating states, and yet it doesn't
> work as advertised. Ideas, anybody ?
> 
> 
> --
> If it's there, and you can see it, it's real.
> If it's not there, and you can see it, it's virtual.
> If it's there, and you can't see it, it's transparent.
> If it's not there, and you can't see it, you erased it.
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Sat, 25 Feb 2006 02:49:35 +0200
> From: "Vlad GALU" <vladgalu at gmail.com>
> Subject: Re: reply-to doesn't seem to work
> To: freebsd-pf at freebsd.org
> Message-ID:
> 	<79722fad0602241649n3864eb94w3c2e06e72283c22c at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 2/25/06, Vlad GALU <vladgalu at gmail.com> wrote:
> [...]
> 
>    Sorry, I forgot to mention that this happens on 6.1-PRERELEASE. I
> couldn't check on other versions, unfortunately.
> 
> --
> If it's there, and you can see it, it's real.
> If it's not there, and you can see it, it's virtual.
> If it's there, and you can't see it, it's transparent.
> If it's not there, and you can't see it, you erased it.
> 
> 
> ------------------------------
> 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> 
> 
> End of freebsd-pf Digest, Vol 75, Issue 4
> *****************************************
>

More information about the freebsd-pf mailing list