How make the route-to working ?
Sam Fourman Jr.
sfourman at gmail.com
Sat Feb 13 11:49:11 UTC 2010
On Thu, Feb 11, 2010 at 4:38 PM, geoffroy desvernay
<dgeo at centrale-marseille.fr> wrote:
> Albert Shih wrote:
>> Hi all,
>>
>> I've a problem with route-to.
>>
>> I've a server with 2 interfaces, and I'm running jail on this server. Each
>> interface has its own public IP address.
>>
>> eth0 -- IP0 eth1 -- IP1
>>
>> and I've a default route (for example in IP0 subnet).
>>
>> So if the jail is in the IP0 subnet, no problem, everything works.
>>
>> Now if I put a jail in the IP1 subnet, and some client tries to connect to this
>> jail, the answer comes out through eth0 because of the default route (suppose
>> the client is not on my subnet).
>>
>> I don't want that. I want the answer to come out through eth1.
>>
>> I'm trying to use pf to do that and put in my pf.conf something like
>>
>> pass in all
>> pass out all
>> pass out on eth0 route-to {(eth0 IP0_Gateway)} from <IP0> to ! IP0_subnet
>> pass out on eth1 route-to {(eth1 IP1_Gateway)} from <IP1> to ! IP1_subnet
>>
>> but it's not working. If I run a tcpdump on the host I can see the
>> incoming packets come in from eth1 and the outgoing ones come out on eth0.
>>
>> And if I try to remove the default route the outgoing packets don't come out....
>>
>> Any help ?
>>
>> Regards.
>>
>>
> Hi,
>
> I'm using that for the same case:
>
> You just have to catch packets on the interface they would go normally:
>
> pass out on *eth0* route-to {(eth1 IP1_Gateway)} from <IP1> to !eth1:network
>
> The other rule is not needed in this case
>
> You may also try instead a 'reply-to' rule on eth1's inbound, as David
> DeSimone suggested.
>
> A third and cleaner solution would be to use multiple routing-tables -
> see setfib(1) and 'options ROUTETABLES' of the kernel...
I have searched the net high and low and I cannot find any good
examples of how to use multiple routing tables.
I agree that it would be cleaner; do you have an example of how to do this?
If anyone has links to examples for multiple routing tables,
post them please.
Sam Fourman Jr.
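
The three approaches named in the quoted reply (route-to caught on eth0, reply-to on eth1, and a separate routing table via setfib(1)), written out as an added example that is not part of any message in this thread. All addresses are constructed documentation ranges standing in for IP0/IP1, and the jail name j1 is hypothetical; use one option, not all three.

```conf
# Added example, not from the thread. All addresses are constructed
# (RFC 5737 documentation ranges); "j1" is a hypothetical jail name.
#   IP0 subnet 192.0.2.0/24     on eth0, system default route via 192.0.2.1
#   IP1 subnet 198.51.100.0/24  on eth1, gateway 198.51.100.1, jail 198.51.100.10

# ---- Option A: /etc/pf.conf, route-to (the rule given in the reply) ----
if0     = "eth0"
if1     = "eth1"
gw1     = "198.51.100.1"
net1    = "198.51.100.0/24"
jail_ip = "198.51.100.10"

pass in all
pass out all
# The routing table picks eth0 for the jail's reply, so pf evaluates that
# packet "out on eth0". A rule written "out on eth1" is never consulted.
pass out on $if0 route-to ($if1 $gw1) from $jail_ip to ! $net1 keep state

# ---- Option B: /etc/pf.conf, reply-to (use instead of the route-to rule) ----
# State is created when the client's packet arrives on eth1; replies that
# match the state are sent back through eth1's gateway.
# pass in on $if1 reply-to ($if1 $gw1) from ! $net1 to $jail_ip keep state

# ---- Option C: multiple routing tables (FIBs), no pf rules needed ----
# Kernel configuration file, then rebuild and boot the new kernel:
#   options ROUTETABLES=2
# /etc/rc.conf, added to the jail's existing jail_j1_* settings:
#   jail_j1_fib="1"
# Once per boot, give FIB 1 its own default route, then check it:
#   setfib 1 route add default 198.51.100.1
#   setfib 1 netstat -rn
```

With any of the three in place, running tcpdump on eth0 and eth1 while an off-subnet client connects to the jail shows whether the replies now leave on eth1.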
More information about the freebsd-pf
mailing list