Gabriele Bulfon wrote:
Thanks for your suggestion.
I already have ipfilter configured on this machine, so I could quickly test if the
"to" keyword could help.
This is what happens.
If I just permit access to a port on the new IP, and permit outgoing traffic
from that new IP, a snoop on the device shows the coming connection and also
shows the machine is trying to reply with the new IP source address. But as I
said, the kernel routing moves the packet to the wrong router.
Then I tried to use the "to" keyword like this:
    pass out quick on rtls1 to rtls1:<newrouter> from <newip> to any
What happens now is that the snoop command shows the coming connection only. No
packet reply is seen.
This suggests to me that ipfilter is trying to do something, but the reply seems
to die.
...
Just to give me an idea of which ballpark this problem is in, if you do
"ping <newip>" first, does the reply packet go out?
Darren