Re: NATted outbound traffic sometimes uses backup CARP IP on LACP/LAGG interface
On Thu, 14 Sep 2017, at 23:32, Kristof Provost wrote:
> On 14 Sep 2017, at 16:21, Dave Cottlehuber wrote:
> > Outgoing traffic (from a jail) via PF NAT over a LAGG/LACP sometimes
> > has the *backup* CARP IP address assigned to it.
> >
> I think this is your problem. You’re telling pf to nat to the IP
> address of lagg0, but lagg0 has multiple addresses assigned.
>
> ‘(lagg0:0)’ should work, or just use the IP address.

Thanks Kristof!

($if:0) works perfectly, but I'll need to reboot to test this with the
original carp setup though.

Can you explain what $if:0 resolves to, for example how does it relate
to the primary ipv4/6 addresses bound to that interface?

I couldn't find a reference in the usual ifconfig manpages about this
(ifname:#) format, the BNF grammar for pf.conf doesn't cover it either,
and `pfctl -vnf ...` simply shows (lagg0:0).

A+
Dave
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

Re: NATted outbound traffic sometimes uses backup CARP IP on LACP/LAGG interface
On 15 Sep 2017, at 11:31, Dave Cottlehuber wrote:
> Can you explain what $if:0 resolves to, for example how does it relate
> to the primary ipv4/6 addresses bound to that interface?
>
> I couldn't find a reference in the usual ifconfig manpages about this
> (ifname:#) format, the BNF grammar for pf.conf doesn't cover it either,
> and `pfctl -vnf ...` simply shows (lagg0:0).

It tells pf to not use any of the alias addresses.
It’s explained in the pf.conf man page:

    Interface names and interface group names can have modifiers appended:

    :network      Translates to the network(s) attached to the interface.
    :broadcast    Translates to the interface's broadcast address(es).
    :peer         Translates to the point-to-point interface's peer address(es).
    :0            Do not include interface aliases.

    Host names may also have the :0 option appended to restrict the name
    resolution to the first of each v4 and v6 address found.

Regards,
Kristof
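
An added example, not part of the thread or of pf itself: a small check that scans a pf.conf ruleset for nat rules whose translation address is an interface or host name without the :0 modifier, which is the configuration discussed above. The function name, the sample ruleset and the jail network in it are constructed for illustration; tables and address lists as nat targets are skipped.

```python
import ipaddress
import re

MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"')      # ext_if = "lagg0"
NAT_TARGET = re.compile(r'^nat\b.*->\s*(\S+)')      # token after the last "->"

def is_ip(token):
    """True for a literal IPv4/IPv6 address or prefix."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def find_alias_prone_nat(ruleset):
    """Return (line_no, target) for nat rules that translate to an
    interface or host name lacking the :0 modifier."""
    macros, findings = {}, []
    for no, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()         # drop comments
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # expand $macro references the way the rule will be loaded
        line = re.sub(r'\$(\w+)',
                      lambda r: macros.get(r.group(1), r.group(0)), line)
        m = NAT_TARGET.match(line)
        if not m:
            continue
        target = m.group(1)
        if target[0] in '<{':                       # tables/lists: out of scope
            continue
        bare = target.strip('()')
        if is_ip(bare):                             # literal address is unambiguous
            continue
        _name, *mods = bare.split(':')
        if '0' not in mods:
            findings.append((no, target))
    return findings

# Constructed sample ruleset (addresses are documentation/private ranges).
SAMPLE = '''\
ext_if = "lagg0"
jail_net = "10.0.0.0/24"
nat on $ext_if inet from $jail_net to any -> ($ext_if)
nat on $ext_if inet from $jail_net to any -> ($ext_if:0)
nat on $ext_if inet from $jail_net to any -> 192.0.2.10
'''

if __name__ == "__main__":
    for no, target in find_alias_prone_nat(SAMPLE):
        print(f"line {no}: nat target {target} has no :0; aliases may be used")
```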