Isn't that because your pings aren't originating from em0:network?

Your rule needs to apply in order to work, and the originating IP of the ping
will not be correct in the first place, and neither does the ping come in
on em0, as you state in the rule.

"if incoming packets on em0 match addresses em0:network and dest is
8.8.8.8.." and so on.


2016-11-23 15:04 GMT+01:00 Kenneth Gober <kgo...@gmail.com>:

> On Mon, Nov 21, 2016 at 12:10 PM, Stefan Sperling <s...@stsp.name> wrote:
> > On Mon, Nov 21, 2016 at 10:43:17AM -0500, Kenneth Gober wrote:
> >> I get the impression that route-to is applied when a packet enters the
> >> router, e.g. as part of a "pass in" rule, and that it is used to forcibly
> >> direct the packet to a particular interface for "pass out" rather than
> >> relying on the default routing table for the entry interface.
> >>
> >> This means that if the "pass out" rule is the first time you are seeing
> >> the packet (i.e. because it originated from the router itself) then the
> >> routing decision has already been made and it is now too late to route
> >> again.
> >
> > route-to takes effect when a state is created by a matched rule.
> > It is possible to use route-to on 'pass out' rules (at least, over here,
> > it works :)
>
> Prompted by Stefan, I made some time to test this myself and I can
> confirm that this works.
>
> I started with this rule in pf.conf:
>
> pass in log quick on em0 from em0:network to 8.8.8.8 route-to pppoe0 tagged TBD tag FORWARD
>
> And "ping 8.8.8.8" from the internal network got redirected to pppoe0
> (default route is em2) but the same command issued at the router did not
> get redirected.  I do not show the pass out rule here but I have a later
> one that will pass out (with NAT) anything tagged FORWARD.
>
> Adding this rule as well:
>
> pass out log quick on em2 to 8.8.8.8 route-to pppoe0
>
> Caused "ping 8.8.8.8" originating from the router itself to be
> redirected just like the corresponding internal traffic.
>
> -ken
>
>


-- 
May the most significant bit of your life be positive.
