Hello,

I changed the pf.conf a little so it fits my needs (I also need multihoming for a server which is reachable via a forwarded port). So TCP and ICMP work correctly now. However, I still have problems with UDP services.

For example, I also run a DNS server on this FreeBSD server. If I try to resolve some host using this DNS server from some third-party machine like this:

$ nslookup host.domain.com A.B.C.D  # See the first post for topology description

it works smoothly. If I try to use the server's second IP (E.F.G.H), the DNS reply gets stuck in between. After tcpdumping the connection, I realized that even though the destination IP in the DNS request is E.F.G.H, the source address of the DNS reply is A.B.C.D! That is why the route-to rule doesn't work any more. If I remember correctly, this is due to the fact that UDP is a connectionless protocol and the DNS server doesn't have to bind to a specific address and port when sending a UDP packet (the DNS reply). Therefore it uses the source IP address of the interface via which it tries to send the reply (default route).

How could I solve this problem?

> May I please see what your final pf.conf looks like now?

You can find it here: http://nejc.skoberne.net/pf.conf

I incorporated the reply-to rules directly in my filtering definitions.
Do not hesitate to ask for further explanation of the rules.

Thanks & bye.
Nejc
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
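The source-address behaviour described above (a wildcard-bound UDP server replying from the default-route address) and the socket-level fix that DNS servers use for it, as an added example that is not part of this thread: a Python demo that asks the kernel for each query's destination address and pins the reply's source to it. It assumes a Linux host (IP_PKTINFO; the FreeBSD equivalents IP_RECVDSTADDR/IP_SENDSRCADDR are included as an assumption but not exercised here) and uses 127.0.0.2, which Linux routes to loopback by default, as a stand-in for the server's second address E.F.G.H.

```python
import socket
import struct
import sys

LINUX = sys.platform.startswith("linux")
# Linux: IP_PKTINFO for both directions. FreeBSD: IP_RECVDSTADDR (recv) / IP_SENDSRCADDR (send).
# Numeric fallbacks are assumed for Python builds that lack the constants.
RECV_OPT = getattr(socket, "IP_PKTINFO", 8) if LINUX else getattr(socket, "IP_RECVDSTADDR", 7)
SEND_OPT = RECV_OPT if LINUX else getattr(socket, "IP_SENDSRCADDR", 7)

def udp_listener(port=0):
    # Wildcard bind, as a DNS server typically does; ask the kernel to report
    # the destination address of every datagram received.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    sock.setsockopt(socket.IPPROTO_IP, RECV_OPT, 1)
    return sock

def recv_with_dst(sock):
    # Returns (payload, peer, dst); dst is the local address the query was sent to.
    data, ancdata, _flags, peer = sock.recvmsg(4096, socket.CMSG_SPACE(12))
    dst = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == RECV_OPT:
            dst = socket.inet_ntoa(cdata[-4:])  # in_pktinfo.ipi_addr (Linux) / in_addr (BSD)
    return data, peer, dst

def send_from(sock, payload, peer, src):
    # Reply through the same wildcard socket, but pin the IP source address to src.
    if LINUX:  # struct in_pktinfo {ifindex, spec_dst (source to use), addr}
        cdata = struct.pack("I4s4s", 0, socket.inet_aton(src), b"\0" * 4)
    else:      # struct in_addr
        cdata = socket.inet_aton(src)
    return sock.sendmsg([payload], [(socket.IPPROTO_IP, SEND_OPT, cdata)], 0, peer)

def demo():
    # Query the "second" loopback address 127.0.0.2 and compare the two reply sources.
    server = udp_listener()
    port = server.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.bind(("127.0.0.1", 0))
    client.settimeout(3)
    client.sendto(b"constructed query", ("127.0.0.2", port))
    query, peer, dst = recv_with_dst(server)
    server.sendto(b"naive " + query, peer)            # kernel picks the default source
    _, naive_src = client.recvfrom(4096)
    send_from(server, b"pinned " + query, peer, dst)  # source forced to the queried address
    _, pinned_src = client.recvfrom(4096)
    server.close(); client.close()
    return dst, naive_src[0], pinned_src[0]
```

demo() returns the queried address, the source of the naive reply and the source of the pinned reply; the first differs from the second exactly as tcpdump showed in the thread, and the third matches it again.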