On 2025-04-16, Nat <nath...@25mail.net> wrote: > ------MP7YXJDOKQIN31VRO5PIXOUGA0ODIA > Content-Type: text/plain; > charset=utf-8 > Content-Transfer-Encoding: quoted-printable > > Hello, > > I have the following NAT64 rule in my pf=2Econf > > pass in quick on $LAN inet6 from any to 64:ff9b::/96 af-to inet from (wg5) > > This rule correctly translates the incoming IPv6 traffic into IPv4 traffic= > , however the interface on which it leaves through is not wg5, rather it is= > the default egress interface=2E > This happens despite specifying the from address to be the address of the = > wg5=2E
When sending packets, the routing table is used to determine which interface is used to send traffic over. Changing the source address doesn't affect this. This is standard behaviour on probably all OS. > tcpdump on the default egress interface shows the traffic leaving on the i= > ncorrect interface: > 17:13:43=2E368709 [wg5 IPv4 address] > x=2Ex=2Ex=2Ex: icmp: echo request = > (DF) > > Is this a bug, am I missing a pf line or could this be intended behavior f= > or some reason? > > How can I make the traffic leave on the correct interface? Depending on exactly what you want to do, you might want simple v4 route table entries, you might want "route-to" in pf, you might want to use some combination of rdomain and maybe also wgrtable, or something else. There's not enough information in your email to determine what is the "correct" interface for any given traffic. -- Please keep replies on the mailing list.
