[PF] Symmetric routing enforcement, how-to without using "reply-to"...

Nils Beyer nbe at renzel.net
Thu Apr 6 07:08:54 UTC 2017


Marek Zarychta wrote:
>   pass in quick on $ext_if_1 \
> [...]
>   pass in quick on $ext_if_2 reply-to ($ext_if_2 $ip_gw_2) \
> [...]
>   pass in quick on $ext_if_1 \
> [...]
>   pass in quick on $ext_if_2 \

That's what I meant in my opening post - you have to create a rule for
every possible gateway. It even gets more complex if your server itself
is a gateway for other servers in your network and you have to distribute
outgoing traffic depending on the requesting server in your network.

So something simple like:
------------------------------------------------------------------------------
ipfw add 60000 fwd $ip_gw_2 all from $ext_net_2 to any via $ext_if_1
ipfw add 60001 fwd $ip_gw_1 all from $ext_net_1 to any via $ext_if_2
------------------------------------------------------------------------------

is not possible with PF?



Regards,
Nils
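For reference, the PF idioms that correspond to the two ipfw "fwd" rules above: "reply-to" pins the return path of inbound connections, and "route-to" on outbound rules does source-based egress. This is an added pf.conf fragment, not from anyone in the thread; the interface names and addresses are assumed placeholders, and it still needs one rule per interface/gateway pair, which is exactly the point raised above.

```conf
# Added example, not from the thread. Macro values are placeholders.
ext_if_1  = "em0"
ext_if_2  = "em1"
ip_gw_1   = "192.0.2.1"          # placeholder gateway reachable via ext_if_1
ip_gw_2   = "198.51.100.1"       # placeholder gateway reachable via ext_if_2
ext_net_1 = "192.0.2.0/24"
ext_net_2 = "198.51.100.0/24"

# Return path: replies to a connection that arrived on an external interface
# leave through that interface's own gateway, not the default route.
pass in quick on $ext_if_1 reply-to ($ext_if_1 $ip_gw_1) keep state
pass in quick on $ext_if_2 reply-to ($ext_if_2 $ip_gw_2) keep state

# Egress path, mirroring the ipfw "fwd ... via" rules: a packet sourced from
# $ext_net_2 that would go out $ext_if_1 is instead handed to $ip_gw_2 on
# $ext_if_2, and vice versa. One rule per network/gateway pair.
pass out quick on $ext_if_1 route-to ($ext_if_2 $ip_gw_2) from $ext_net_2 to any keep state
pass out quick on $ext_if_2 route-to ($ext_if_1 $ip_gw_1) from $ext_net_1 to any keep state
```

For traffic forwarded on behalf of hosts behind an internal interface, the same "route-to" clause is usually attached to the "pass in on $int_if" rule that first sees the packet, so the egress decision is made once per source network at ingress.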

