PF - reply-to
ultima1252 at gmail.com
Sun Mar 7 19:31:36 UTC 2021
More details would be helpful. There can be a few reasons why it is not
working that I can see.
1. Do you have an rdr rule to redirect to $web_addr for the pass rule?
2. Rules out of order
3. Conflicting rules.
The best way to debug this would be logging the rules and watching where
the traffic is going via tcpdump.
On Sun, Mar 7, 2021 at 10:58 AM Ludovit Koren <ludovit.koren at gmail.com> wrote:
> Hi all,
> we have 2 Internet connections coming on the same interface. One is
> primarily used for incoming connections and services that we provide to
> Internet (web, mail). The other connection is primarily used for
> browsing (cache/proxy) and DNS. There are 2 different routers.
> I am using FreeBSD 12.2-STABLE r369178 and PF. The question is which
> router should I set as default router. I suppose, I can use reply-to
> and/or route-to, respectively. If I use (default router $router2):
> pass in on $ext_if reply-to (bge0 $router1) inet proto tcp from any to
> $web_addr port 443 keep state
> it is not working. The following setup is working (default router
> pass out on $ext_if route-to (bge0 $router2) inet proto tcp from any to
> any keep state
> Is it a bug or do I not understand the manual page correctly?
> Thank you very much.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
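
The logging and tcpdump check suggested in the reply, sketched as a pf.conf fragment. This is an added example, not part of the original thread; the macro values are constructed documentation addresses, and the rest of the ruleset and the /etc/pf.conf path are assumptions.

```pf
# Macros named as in the thread; the addresses are constructed examples
# (RFC 5737 documentation ranges), not values from the original post.
ext_if   = "bge0"
router1  = "192.0.2.1"      # router used for incoming services
router2  = "198.51.100.1"   # default router (browsing, DNS)
web_addr = "192.0.2.10"

# The rule from the question with logging added. With "keep state" a plain
# "log" records only the packet that creates the state; "log (all)" records
# every packet of the connection, replies included.
# Translation happens before filtering, so if an rdr rule rewrites the
# destination, this rule has to match the translated address.
pass in log (all) on $ext_if reply-to (bge0 $router1) inet proto tcp \
    from any to $web_addr port 443 keep state

# Checks to run from a root shell (pflog_enable="YES" in rc.conf provides
# the pflog0 interface):
#   pfctl -nf /etc/pf.conf        # parse only, reports syntax errors
#   pfctl -vvsr                   # rule numbers with evaluation, packet and
#                                 # state counters; shows whether the rule
#                                 # matches and in which order rules are tried
#   tcpdump -n -e -ttt -i pflog0  # logged packets with the matching rule number
#   tcpdump -n -e -i bge0 tcp port 443
#                                 # -e prints link-level headers; the destination
#                                 # MAC of the replies shows which router they
#                                 # are actually handed to
```

A counter that stays at zero in `pfctl -vvsr` points to rule order or a conflicting earlier `quick` rule; replies leaving toward the default router's MAC mean the state was created by a different rule than the `reply-to` one.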