Interface igb0:
nat on igb1 to 10.10.10.100 -> igb0
pass out on igb1 route-to ( igb0 10.0.0.1 ) from igb0 to 10.10.10.100
Why don't you use igb1 interface?
nat on igb1 to 10.10.10.100 -> igb0
And on Server B:
route add -host 10.0.0.10 10.10.10.10
29.10.2016 13:14, James Morris пишет:
Hi,
I added the pf rule:
pass out on igb1 route-to ( igb0 10.0.0.1 ) from any to 10.10.10.100
But now when I try to reach 10.10.10.100 traffic goes out igb0 as expected, but
it has the source IP of igb1
# ping 10.10.10.100
# tshark -i igb0
Capturing on 'igb0'
1 0.000000 10.10.10.10 -> 10.10.10.100 ICMP 98 Echo (ping) request
id=0xb403, seq=0/0, ttl=64
2 0.001509 RealtekU_12:35:02 -> Broadcast ARP 60 Who has 10.10.10.10?
Tell 10.0.0.1
3 1.020896 10.10.10.10 -> 10.10.10.100 ICMP 98 Echo (ping) request
id=0xb403, seq=1/256, ttl=64
4 1.022268 RealtekU_12:35:02 -> Broadcast ARP 60 Who has 10.10.10.10?
Tell 10.0.0.1
Traffic is flowing out the correct interface, but has the wrong source IP
address.
What am I doing wrong here?
Thanks,
James
From: Patrick Lamaiziere <patr...@davenulle.org>
Sent: 28 October 2016 11:21
To: James Morris
Cc: freebsd-pf@freebsd.org
Subject: Re: Forcing a route using pf
Le Thu, 27 Oct 2016 19:23:38 +0000,
James Morris <jamesmorr...@outlook.com> a écrit :
Hi,
Hello,
While this does solve the issue of pushing traffic through igb0,
however any income connections to igb1 from server B also get shunted
out igb0.
I was wondering if there is a way to do this in pf.
see PF route-to option.
Regards,
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
