Hi,

On 11.09.2009 00:58, Laurent Ghigonis wrote:
> On Fri, 11 Sep 2009 02:23:54 +0400
> Vadim Zhukov <persg...@gmail.com> wrote:
>> Hello all.
>>
>> Can anyone ack that route-to/reply-to rules do not work on amd64?
>> I have the following rule in pf.conf:
>>
>> pass in quick on $limit_if inet proto icmp icmp-type echoreq \
>>     reply-to ($limit_if $limit_gw)
>>
>> It does not work (IPs replaced via corresponding macros by me),
>> see tcpdump(8) output:
>>
>> 02:00:58.171084 77.108.65.40 > ($limit_if): icmp: echo request
>> 02:00:58.171113 77.108.65.40 > $limit_gw: icmp: echo request
>>
>> Yep, such weird. And when I remove "reply-to" clause, it works as
>> intended:
>>
>> 01:53:11.174644 77.108.65.40 > ($limit_if): icmp: echo request
>>
>> No ICMP replies seen - they try to go via default route that is on
>> another interface.
>>
>> There are similar problems with "route-to": it looks like acting as
>> "rdr-to", replacing destination IP address.
>>
>> I have no problems on i386 firewall with same sort of setup.
>>
>> System was updated via snapshot two days ago, and then kernel and
>> pfctl(8) were rebuilt then from source while debugging this case. Full
>> dmesg is at the end of letter.
>>
>> Thank you for any responses.
>>
>
> i think i have the same problem on amd64 (current) with reply-to
>
> the reply-to ($if $gw) makes reply go to $gw instead of the sender
> it was working before the pf nat change

It is also not working with the 2009-09-07 snapshot on i386.

Michael