Hey, I ended up going with the following:

nat on ! igb0 to 10.10.10.100 port 80 -> igb0
pass out on ! igb0 route-to ( igb0 10.0.0.1 ) from 10.0.0.10 to 10.10.10.100

This should scale to more interfaces and restrict the routing by port too.

Thanks,

James

From: owner-freebsd...@freebsd.org <owner-freebsd...@freebsd.org> on behalf of Max <maxi...@als.nnov.ru>
Sent: 31 October 2016 07:30:17
To: freebsd-pf@freebsd.org
Subject: Re: Forcing a route using pf

Interface igb0:
nat on igb1 to 10.10.10.100 -> igb0
pass out on igb1 route-to ( igb0 10.0.0.1 ) from igb0 to 10.10.10.100

Why don't you use igb1 interface?
nat on igb1 to 10.10.10.100 -> igb0
And on Server B:
route add -host 10.0.0.10 10.10.10.10

29.10.2016 13:14, James Morris wrote:
> Hi,
>
> I added the pf rule:
>
> pass out on igb1 route-to ( igb0 10.0.0.1 ) from any to 10.10.10.100
>
> But now when I try to reach 10.10.10.100 traffic goes out igb0 as expected,
> but it has the source IP of igb1
>
> # ping 10.10.10.100
>
> # tshark -i igb0
> Capturing on 'igb0'
> 1 0.000000 10.10.10.10 -> 10.10.10.100 ICMP 98 Echo (ping) request id=0xb403, seq=0/0, ttl=64
> 2 0.001509 RealtekU_12:35:02 -> Broadcast ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
> 3 1.020896 10.10.10.10 -> 10.10.10.100 ICMP 98 Echo (ping) request id=0xb403, seq=1/256, ttl=64
> 4 1.022268 RealtekU_12:35:02 -> Broadcast ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
>
> Traffic is flowing out the correct interface, but has the wrong source IP
> address.
>
> What am I doing wrong here?
>
> Thanks,
>
> James
>
> From: Patrick Lamaiziere <patr...@davenulle.org>
> Sent: 28 October 2016 11:21
> To: James Morris
> Cc: freebsd-pf@freebsd.org
> Subject: Re: Forcing a route using pf
>
> On Thu, 27 Oct 2016 19:23:38 +0000,
> James Morris <jamesmorr...@outlook.com> wrote:
>
> Hi,
>
> Hello,
>
>> While this does solve the issue of pushing traffic through igb0,
>> however any incoming connections to igb1 from server B also get shunted
>> out igb0.
>>
>> I was wondering if there is a way to do this in pf.
> see PF route-to option.
>
> Regards,
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
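
Added example, not part of the original thread: a small check that reads tshark one-line summaries and reports any packet to the target that left with a source address other than the expected one, which is the symptom shown in the capture above. It assumes 10.0.0.10 is igb0's address (inferred from the final rule in the thread); the function names and the "after" capture are constructed for illustration.

```shell
#!/bin/sh
# Flag packets to DST whose source is not EXPECTED_SRC.
# Input on stdin: tshark one-line summaries ("No. Time Src -> Dst Proto ...").
# Output: one "source count" line per unexpected source, nothing if clean.
# Assumption: 10.0.0.10 is igb0's address (inferred from the thread).

leaked_sources() {  # usage: leaked_sources EXPECTED_SRC DST < capture
    awk -v want="$1" -v dst="$2" '
        # $3 is the source column, $5 the destination column
        $5 == dst && $3 != want { seen[$3]++ }
        END { for (s in seen) printf "%s %d\n", s, seen[s] }
    ' | sort
}

# The four summary lines posted in the thread (route-to rule only).
before_capture() {
cat <<'EOF'
1 0.000000 10.10.10.10 -> 10.10.10.100 ICMP 98 Echo (ping) request id=0xb403, seq=0/0, ttl=64
2 0.001509 RealtekU_12:35:02 -> Broadcast ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
3 1.020896 10.10.10.10 -> 10.10.10.100 ICMP 98 Echo (ping) request id=0xb403, seq=1/256, ttl=64
4 1.022268 RealtekU_12:35:02 -> Broadcast ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
EOF
}

# Constructed sample: what the capture would look like once the nat rule
# rewrites the source to igb0's address.
after_capture() {
cat <<'EOF'
1 0.000000 10.0.0.10 -> 10.10.10.100 ICMP 98 Echo (ping) request id=0xb403, seq=0/0, ttl=64
2 0.000412 10.10.10.100 -> 10.0.0.10 ICMP 98 Echo (ping) reply id=0xb403, seq=0/0, ttl=63
EOF
}

echo "route-to only:"
before_capture | leaked_sources 10.0.0.10 10.10.10.100
echo "nat + route-to:"
after_capture | leaked_sources 10.0.0.10 10.10.10.100
```

On the live host, pipe a bounded capture such as `tshark -i igb0 -c 20` into `leaked_sources` instead of the embedded samples; newer tshark versions print a Unicode arrow in place of `->`, which leaves the column positions unchanged.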