Re: Source address based routing with PF

To: Matthias Scheler <tron%zhadum.org.uk@localhost>
Subject: Re: Source address based routing with PF
From: "Jonathan A. Kollasch" <jakllsch%kollasch.net@localhost>
Date: Mon, 7 Jun 2010 19:28:17 +0000

On Mon, Jun 07, 2010 at 07:22:01PM +0100, Matthias Scheler wrote:
> 
>       Hello,
> 
> I've got a machine with two IPv6 tunnels:
> 
~~~
> 
> The IPv6 default route points to 2001:6f8:900:954::1, the remote
> tunnel address of "gif0". I want to use PF to make sure that
> packets which use 2001:4dd0:ff00:1a4::2, the local tunnel address
> of "gif1", as the source address go out via "gif1". I cannot get
> this to work even with a very basic "pf.conf" which looks like this:
> 
> pass in all
> pass out all
> pass out on gif0 route-to ( gif1 2001:4dd0:ff00:1a4::1 ) from 
> 2001:4dd0:ff00:1a4::2 to any
> 
> Any ideas where the problem is? I've tried switching the order of the
> last two rules but it didn't help.
> 
> I'm using PF 4.2 under NetBSD 5.1_RC2.
> 

This seems to work for me:

pass out route-to ($stf_if 2002:c058:6301::) from $stf_sn to !<my6nets>
pass out route-to $sixxs_if from $sixxs_sn to !<my6nets>
pass out route-to $he_if from $he_sn to !<my6nets>

My default route is to the remote address on $he_if.
Not sure what the key difference is though.

        Jonathan Kollasch

Follow-Ups:
- Re: Source address based routing with PF
  - From: Matthias Scheler

References:
- Source address based routing with PF
  - From: Matthias Scheler

Prev by Date: Source address based routing with PF
Next by Date: Re: Source address based routing with PF
Previous by Thread: Source address based routing with PF
Next by Thread: Re: Source address based routing with PF
Indexes:

Home | Main Index | Thread Index | Old Index