Routing router-originating traffic via route-to rules

Frank Behrens frank at jasmin.behrens.de
Tue Jan 26 11:07:26 UTC 2010


Stefan <stefanferreira at gmail.com> wrote on 26 Jan 2010 12:02:
> I've googled this one to bits and pulled out quite a lot of hair: 
> Basically I need a way to route, using "route-to" filter rules, the 
> traffic originating on the freebsd router itself. The problem with doing 
> this is that pf only sees the packets on their way out, when an outbound 
> interface has already been chosen by the routing tables. Therefore pf's 
> route-to rules have no effect on locally originating traffic.

I always had some trouble with this approach. I used rules like

nat inet from any to xxx port yyy tag IF2 -> $myaddr
pass out quick on $iface from $myaddr to any tag IF2
pass out quick on $defaultinterface route-to ($iface $hisaddr) tagged IF2


Now I'm using an associated FIB (setfib(8)) for desired processes and it works very well 
without any trouble. Routed traffic is also assigned to the fib with pf's "rtable" option.

Frank

-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
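The FIB-based setup described above, written out as an added pf.conf fragment (not Frank's or Stefan's own configuration). Interface names (em0, em1, em2), the LAN prefix 192.0.2.0/24 and the FIB numbers are assumptions; it presumes a second FIB exists (net.fibs=2 in /boot/loader.conf) with its own default route installed via "setfib 1 route add default <gateway on em1>". It also goes a step beyond the post by showing the forwarded-traffic case (rtable) next to the locally originated one (setfib) in a single ruleset:

```conf
# Added example, not part of the original post.
# Assumed names: em0 = default uplink (FIB 0), em1 = second uplink (FIB 1),
# em2 = LAN interface, 192.0.2.0/24 = LAN (constructed values).
ext1   = "em0"
ext2   = "em1"
lan_if = "em2"
lan    = "192.0.2.0/24"

set skip on lo0

# Translate forwarded LAN traffic leaving either uplink to that uplink's address.
nat on $ext1 from $lan to any -> ($ext1)
nat on $ext2 from $lan to any -> ($ext2)

# Forwarded traffic: steer HTTPS from the LAN through the second uplink by
# running its routing lookup in FIB 1 ("rtable 1") instead of tagging it and
# pushing it with route-to. Everything else keeps the default FIB 0 lookup.
pass in quick on $lan_if proto tcp from $lan to any port 443 rtable 1
pass in quick on $lan_if from $lan to any

# Locally originated traffic: no route-to needed. A process started with
# "setfib 1 <command>" resolves its routes in FIB 1, so its packets already
# reach pf on $ext2 with $ext2's own address as source; just let them out.
pass out quick on $ext1 from ($ext1) to any
pass out quick on $ext2 from ($ext2) to any
```

Before loading, check the syntax with "pfctl -nf /etc/pf.conf", confirm the second table with "sysctl net.fibs" and inspect its routes with "setfib 1 netstat -rn". Whether connected interface routes are copied into every FIB depends on the net.add_addr_allfibs sysctl, so verify that em1's directly connected prefix actually appears in FIB 1 before relying on it.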


