Re: route-to and reply-to equivalents in npf?

To: Brian Buhrow <buhrow%nfbcal.org@localhost>
Subject: Re: route-to and reply-to equivalents in npf?
From: "Jonathan A. Kollasch" <jakllsch%kollasch.net@localhost>
Date: Wed, 26 Jul 2017 07:26:46 -0500

On Tue, Jul 25, 2017 at 10:59:16PM -0700, Brian Buhrow wrote:
> 	Hello.  I'm working on transitioning services at our shop from
> NetBSD-5 to NetBSD-8.  As part of that effort, I'm working on figuring out
> how to write configurations for npf(7) which are direct replacements for
> our pf(4) configurations.  The process looks pretty straightforward, except
> for one case which we use quite extensively.  In pf(4), one can use the
> route-to and reply-to rules to explicitly route packets sourced from
> certain interfaces to other interfaces.  We use this to allow us to use
> public IP addresses from one ISP through a series of VPN'S, allowing us to
> provide service through non-local networks.
> As an example, here is a snippet from one of our working systems. (IP
> addresses changed to protect the innocent)
> 
> In the below example, $dmz_if is one interface of this machine that routes
> to a local subnet.  $vpn_if is the interface that runs through an IP
> tunnel.  Any traffic from the $dmz_if should be routed through the $vpn_if
> instead of using the standard routing table.  Any traffic originating from
> the $vpn_if destined for the $dmz_if should be return-routed to the
> $vpn_if.
> 	This works beautifully under pf(4) under NetbSD-4 and NetBSD-5.  How
> can I replicate this behavior under NetBSD-8 with npf?
> -thanks
> -Brian

A "route-to"-alike for NPF hasn't been implemented.  The same is
probably true of a "reply-to"-alike.

	Jonathan Kollasch

References:
- route-to and reply-to equivalents in npf?
  - From: Brian Buhrow

Prev by Date: route-to and reply-to equivalents in npf?
Next by Date: daily CVS update output
Previous by Thread: route-to and reply-to equivalents in npf?
Indexes:

Home | Main Index | Thread Index | Old Index