|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Don Tek (dontek
gmail.com)
Date: Fri Aug 27 2010 - 16:33:09 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Well, I thought I had this issue worked out, but my pf rules aren't
evaluating as I expected them to:
PF Rules: (rule number prepended, these are the _last_ 6 lines in my pf.conf)
39:pass out quick log on em0 from 172.16.0.1 route-to (em0 192.168.0.1)
40:pass out quick log on em1 from 172.16.1.1 route-to (em1 10.10.0.1)
41:pass out log on em0
42:pass out log on em1
43:pass out log on em0 from em1 route-to (em1 10.10.0.1)
44:pass out log on em1 from em0 route-to (em0 192.168.0.1)
Tests:
$ traceroute -s 172.16.0.1 -n google.com
Tcpdump pflog0 output:
Aug 27 15:35:16.418090 rule 42/(match) pass out on em1: 172.16.0.1.34561> 74.125.45.106.33438: udp 12
Aug 27 15:50:01.658596 rule 41/(match) pass out on em0: 172.16.0.1.63615> 74.125.45.103.33444: udp 12
Why are these packets not being caught by rule 39 and always going out the em0 gateway?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]