PF - reply-to
ultima1252 at gmail.com
Wed Mar 10 05:01:22 UTC 2021
I'm going to need to see pf.conf and routing table to help further.
Feel free to obfuscate if required. It may also help if you ask the
freebsd-net and freebsd-pf mailing lists as well.
On Mon, Mar 8, 2021 at 3:36 AM Ludovit Koren <ludovit.koren at gmail.com>
> >>>>> Ultima <ultima1252 at gmail.com> writes:
> > Hey Ludovit,
> > More details would be helpful. There can be a few reasons why it is
> not working that I can see.
> > 1. Do you have an rdr rule to redirect to $web_addr for the pass
> Yes, I have an rdr rule, but there are rules without rdr and it seems
> they are not working either.
> > 2. Rules out of order
> I do not understand. I have definitions, nat, rdr, and rules.
> > 3. Conflicting rules.
> I did not find any.
> > The best way to debug this would be logging the rules and watching
> where the traffic is going via tcpdump.
> I did exactly what you suggest. The block rule logged a reset packet from
> the source of the web traffic. As soon as I changed the default router,
> everything has started to work with the same unchanged pf.conf.
> > Best regards,
> > Richard Gallamore
> > On Sun, Mar 7, 2021 at 10:58 AM Ludovit Koren <
> ludovit.koren at gmail.com> wrote:
> > Hi all,
> > we have 2 Internet connections coming on the same interface. One is
> > primarily used for incoming connections and services that we
> provide to
> > Internet (web, mail). The other connection is primarily used for
> > browsing (cache/proxy) and DNS. There are 2 different routers.
> > I am using FreeBSD 12.2-STABLE r369178 and PF. The question is which
> > router should I set as default router. I suppose, I can use reply-to
> > and/or route-to, respectively. If I use (default router $router2):
> > pass in on $ext_if reply-to (bge0 $router1) inet proto tcp from any
> to $web_addr port 443 keep state
> > it is not working. The following setup is working (default router
> > pass out on $ext_if route-to (bge0 $router2) inet proto tcp from
> any to any keep state
> > Is it a bug, or do I not understand the manual page correctly?
> > Thank you very much.
> > Regards,
> > lk
> A: Because it fouls the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing on usenet and in e-mail?
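
The debugging step discussed in the thread (log the rules, then watch pflog with tcpdump), as an added example that is not part of the original messages: a small Python parser that pairs each source whose SYN matched a pass rule with the rule that later blocked its RST. The sample lines, addresses and rule numbers are constructed, and it assumes the rules carry the `log` keyword and the capture came from `tcpdump -n -e -ttt -i pflog0`.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output. Addresses are
# documentation ranges and the rule numbers are invented for illustration.
SAMPLE = """\
00:00:00.000000 rule 5/0(match): pass in on bge0: 198.51.100.7.51234 > 203.0.113.10.443: Flags [S], seq 1000, win 65535, length 0
00:00:00.031000 rule 0/0(match): block in on bge0: 198.51.100.7.51234 > 203.0.113.10.443: Flags [R], seq 1001, win 0, length 0
00:00:01.002000 rule 5/0(match): pass in on bge0: 198.51.100.9.40000 > 203.0.113.10.443: Flags [S], seq 2000, win 65535, length 0
00:00:01.040000 rule 0/0(match): block in on bge0: 198.51.100.9.40000 > 203.0.113.10.443: Flags [R], seq 2001, win 0, length 0
not a pflog line
"""

# Header tcpdump prints per pflog record: rule/reason, action, direction, interface.
PFLOG = re.compile(
    r"rule (?P<rule>\d+)[^/]*/\d+\((?P<reason>[^)]+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?:Flags \[(?P<flags>[^\]]*)\])?"
)

def parse(line):
    """Return the pflog header fields of one tcpdump line, or None."""
    m = PFLOG.search(line)
    return m.groupdict() if m else None

def host(endpoint):
    """tcpdump prints addr.port; keep only the address."""
    return endpoint.rsplit(".", 1)[0]

def passed_then_reset(text):
    """Count blocked RSTs per (source, rule that passed its SYN, blocking rule)."""
    passed = {}          # source host -> rule number that passed its SYN
    blocked = Counter()  # (source, pass rule, block rule) -> blocked RST count
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, flags = host(rec["src"]), rec["flags"] or ""
        if rec["action"] == "pass" and flags == "S":
            passed[src] = int(rec["rule"])
        elif rec["action"] == "block" and "R" in flags and src in passed:
            blocked[(src, passed[src], int(rec["rule"]))] += 1
    return blocked

if __name__ == "__main__":
    for (src, p, b), n in sorted(passed_then_reset(SAMPLE).items()):
        print(f"{src}: SYN passed by rule {p}, {n} RST(s) blocked by rule {b}")
```

The rule numbers in the output correspond to the `@N` numbers printed by `pfctl -vvsr`, which identifies the pass and block rules involved.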