route-to rule

Rob V rob at ipninja.net
Thu Sep 8 16:22:10 UTC 2011


>> I realize that pf can't *know* the correct next-hop address for the
>> specified interface, but it can make a reasonable guess (first non-zero
>> address in $ext2:network), so hard-coding would only be required in
>> cases where the "reasonable guess" is incorrect or $ext2 has multiple IP
>> addresses.
>
> There is no guessing involved. If you specify the addresses, this
> address is used for an arp lookup, and the ethernet frame will have
> this IP address' MAC address as destination.
>
> If you don't specify the address, the destination IP address of the
> matching packet is used for the arp lookup instead!
>
> If that destination IP address is not local (i.e. must be sent through
> a next-hop), you MUST specify the next-hop address, or the packet will
> be dropped, as arp resolution will fail.


Unless your router is doing proxy arp.
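The two rule forms discussed in this thread, side by side, as an added pf.conf example that is not part of the original messages. The interface names, addresses and the `ext2_gw` and `lan2` macros are assumptions made for illustration.

```conf
# Constructed example: interface names and addresses are placeholders
# (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
int_if  = "em0"
ext2    = "em2"            # second uplink
ext2_gw = "198.51.100.1"   # next-hop router on $ext2's subnet
lan2    = "192.0.2.0/24"   # hosts that should leave via $ext2

# Without a next-hop: pf does the ARP lookup for the packet's own
# destination IP on $ext2. An off-link destination never answers, so the
# packet is dropped unless the router on that segment does proxy ARP.
# pass in on $int_if route-to ($ext2) from $lan2 to any keep state

# With the next-hop: pf does the ARP lookup for $ext2_gw and the frame
# is addressed to that router's MAC.
pass in on $int_if route-to ($ext2 $ext2_gw) from $lan2 to any keep state
```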


