Hi Misc,
I’m trying to use policy based routing (route-to) with divert-packet feature.
I’m just using example code written at divert’s man page. (man divert)
I’ve two WAN interfaces which are pppoe0(default gw) and pppoe.
Those pf rules below work:
#
pass in log quick on vether10 inet proto udp
Hi Misc,
I’m trying to use policy based routing (route-to) with divert-packet feature.
I’m just using example code written at divert’s man page. (man divert)
I’ve two WAN interfaces which are pppoe0(default gw) and pppoe1
Those pf rules below work:
#
pass in log quick on vether10 inet proto
The code says it well - after your divert(4) client reinjects the
packet back into the kernel, it bypasses any pf checks and goes
straight to the {ip_,ip6_}output function because of possible loops.
That's all perfectly sensible, and I feel more likely to hurt myself
if I could get a packet to
2010/10/3, Daniel Browning-Weber weber...@gmail.com:
Okay, and the divert(4) man page says that outbound packets,
after being reinjected, are processed directly by the relevant
IP/IPv6 output function, so I probably can't get pf to take
another look at them so that route-to will apply.
If I
On Mon, 04/10/2010 at 10.03 -0400, Daniel Browning-Weber
wrote:
Those work great, without the divert-packet. And the divert-packet
works great, if I only have one internet connection. But I'm trying
to get them to both be applied.
I'll look into that in the next few days, I'm
On Fri, 01/10/2010 at 18.15 -0400, Daniel Browning-Weber
wrote:
Is the use of both route-to and divert-packet in the same PF rule
supported?
divert-packet should be currently used alone. It sends the packet up to
userspace and any other options are lost.
Is the use of both route-to and divert-packet in the same PF rule supported?
I have two rules of the form:
pass out log quick on $ext_if1 inet from $internal_lan to any flags S/SA \
keep state scrub (reassemble tcp) route-to ( $ext_if1 $ext_if1_gw ) \
nat-to ( $ext_if1:0 ) divert