Re: Source-based routing (sometimes)

To: Hans Rosenfeld <rosenfeld%grumpf.hope-2000.org@localhost>
Subject: Re: Source-based routing (sometimes)
From: Michael Graff <explorer%flame.org@localhost>
Date: Tue, 24 Nov 2009 14:10:08 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hans Rosenfeld wrote:

> I recently had a similar problem. Some other pf rule created state
> information that matched those packets that were supposed to go through
> the tunnel. Adding "no state" to all rules that could possibly affect
> those packets fixed it for me.

I thought this was the problem as well, but it does not seem to be so.

In my case, ONLY packets coming in through the tunnel will have a
destination of 149.20.7.222/27, and I just want the replies to go out
that path as well.

I do see that packets originating inside my home net actually works
correctly though, and goes out and back in on gif0.

So, it seems that there is state being learned, but I have no idea why a
packet coming into gif0 is not getting learned as "should go out gif0".

- --Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksMPaAACgkQl6Nz7kJWYWYvmQCeI7Et3p7BL4GGKP2esIvOp3bx
+K4AnR+zObDl9w2ZvSoVnZlCayfQxfwu
=+j7l
-----END PGP SIGNATURE-----

References:
- Source-based routing (sometimes)
  - From: Michael Graff
- Re: Source-based routing (sometimes)
  - From: Hans Rosenfeld

Prev by Date: Re: dom0 panics when copying large file
Next by Date: Re: dom0 panics when copying large file
Previous by Thread: Re: Source-based routing (sometimes)
Next by Thread: Re: Source-based routing (sometimes)
Indexes:

Home | Main Index | Thread Index | Old Index