Bernd Bednarz wrote:
j knight wrote:

Bernd Bednarz wrote:
I was testing much more with this and always got the same result.

nat on $pppoe1 from $supp_net to any -> ($pppoe1)
nat on $pppoe2 from $supp_net to any -> ($pppoe2)
rdr pass on $pppoe2 proto tcp from any to any port 80 -> 10.30.70.43
pass out on $pppoe2 route-to ($pppoe1 $gw1) from $pppoe1 to any
pass out on $pppoe1 route-to ($pppoe2 $gw2) from $pppoe2 to any

This is now actually in my pf.conf but every time the packets which come
through $pppoe2 ($dsl2) pass the rdr want to go out through $pppoe1 ($dsl1)

The pf manpage doesn't tell more about this, and the pf-Guide doesn't either.

What am I doing wrong?


You do need to specify reply-to on connections coming in on $dsl2. Since you can't do that in an rdr rule, put your pass filtering rule back in place (as you had in your original email). Along with reply-to, you need to make sure you're keeping state.


 The reply-to option is similar to route-to, but routes packets that
 pass in the opposite direction (replies) to the specified inter-
 face.  Opposite direction is only defined in the context of a state
 entry, and reply-to is useful only in rules that create state.
                                                  ^^^^^^^^^^^^^

The state entry is what causes the reply packets to be policy routed. Otherwise packets follow the routing table (as you're finding out).



.joel
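
The change described in the reply above, written out as an added example (it is not from the original thread or from either poster). It assumes the macros $pppoe1, $pppoe2, $gw1, $gw2 and $supp_net are defined as in the poster's pf.conf, and that the filter rule matches the post-rdr destination, as it does for rulesets using separate nat/rdr rules like the one posted.

```pf
# Macros ($pppoe1, $pppoe2, $gw1, $gw2, $supp_net) are the poster's own and
# are assumed to be defined earlier in pf.conf.

# Before (as posted): "rdr pass" passes the redirected packet without
# inspecting the filter rules, so its state is created without reply-to
# and the replies follow the routing table:
#   rdr pass on $pppoe2 proto tcp from any to any port 80 -> 10.30.70.43

# After: translation rules first, with a plain rdr so that the filter
# rules below are evaluated for the redirected connection.
nat on $pppoe1 from $supp_net to any -> ($pppoe1)
nat on $pppoe2 from $supp_net to any -> ($pppoe2)
rdr on $pppoe2 proto tcp from any to any port 80 -> 10.30.70.43

# Filter rule for the redirected traffic. It matches the translated
# destination; reply-to together with keep state makes the replies of
# this connection leave through $pppoe2 again.
pass in on $pppoe2 reply-to ($pppoe2 $gw2) proto tcp \
    from any to 10.30.70.43 port 80 keep state

# Outbound policy routing from the original post, unchanged.
pass out on $pppoe2 route-to ($pppoe1 $gw1) from $pppoe1 to any
pass out on $pppoe1 route-to ($pppoe2 $gw2) from $pppoe2 to any
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and `pfctl -ss` lists the state entries once a connection has come in on $pppoe2.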

