On 8/27/2010 9:09 PM, Doug Hardie wrote:

On 27 August 2010, at 05:07, Patrick Lamaiziere wrote:

On Thu, 26 Aug 2010 18:17:19 -0700, Doug Hardie <[email protected]> wrote:

PF's route_to will return the packets to the proper router, but I
have not been able to figure out which ones those would be.  The
source IP address can be any on either network and it's highly
likely that we will see packets from the same source network on
both at the same time.  The only distinction I see in the input
packets between the two paths is the MAC address of the router.
I don't see any way in pf or the system to use that to affect the
return path though.

the filter option "reply-to" looks to be what you need. It works
by keeping the state of a connection (see pf.conf(5)).

That works great on the output if you can figure out which packets to
use it on.  The only way I can see to separate the traffic is using
the router MAC address.  I don't find anything in pf that will look
at that.

Yes, pf cannot use the MAC address to classify a packet. The most
sensible solution would be installing a single router to handle
both lines but I know it's not always feasible to do so for several
reasons. ipfw can use MAC addresses for classification, perhaps you
can hack some rules using fwd, skipto and mac.

Nikos
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
