This is even more strange to me. If I change rule 39 and 40 by taking out the "on" interface to the following:
PF Rules: (rule number prepended, these are the _last_ 6 lines in my pf.conf) 39: pass out quick log from 172.16.0.1 route-to (em0 192.168.0.1) 40: pass out quick log from 172.16.1.1 route-to (em1 10.10.0.1) 41:pass out log on em0 42:pass out log on em1 43:pass out log on em0 from em1 route-to (em1 10.10.0.1) 44:pass out log on em1 from em0 route-to (em0 192.168.0.1) Tests: $ traceroute -s 172.16.0.1 -n google.com Tcpdump pflog0 output: Aug 28 21:41:11.215660 rule 40/(match) pass out on em0: 172.16. 1.1.63306 > 74.125.45.147.33449: udp 12 Aug 28 21:41:11.225656 rule 39/(match) pass out on em1: 172.16.0.1.48096 > 74.125.45.147.33449: udp 12 Now these packets are being caught by my rule 39 and 40, but it appears the route-to is just being ignored. Am I reading the tcpdump output wrong? I just don't get it..?
