pf question

To: current-users%NetBSD.org@localhost
Subject: pf question
From: Alex Poylisher <sher%komkon.org@localhost>
Date: Tue, 16 Sep 2008 14:32:00 -0400

I have the following Xen setup with -current:

Dom0:

bnx0:
        192.168.21.115

xvif1.0:
        10.0.1.1

xvif2.0:
        10.0.2.1

DomU1:

eth0:
        10.0.1.2

DomU2:

eth0:
        10.0.2.2

Now, pf is set up as follows on Dom0:

pass out on bnx0 all
pass in on bnx0 all
pass out on bnx1 all
pass in on bnx1 all
pass in quick on xvif1.0 route-to (bnx0 192.168.21.113) all
pass in quick on xvif2.0 route-to (bnx0 192.168.21.113) all
        
This is to forward any packets between DomU1 and DomU2 via an external
machine at 192.168.21.113.  The software on that machine inspects the packet 
returns it unchanged to Dom0.

Now, I have verified with trcpdump that an ICMP echo request  from DomU2 to 
DomU1 (10.0.2.2 to 10.0.1.2) passes through xvif2.0, then bnx0, arrives at the 
external machine and arrives back at bnx0 unchanged.  I expect it to be
routed to 10.0.1.2 via xvif1.0 (Dom0 is configured as a gateway).  Instead,
I see a routing loop as the request packet is sent back to the external
machine from bnx0.  No static routes are configured.

Any pointers much appreciated.

-- 
Alex Poylisher
sher{at}komkon{dot}org

Prev by Date: Re: aac(4) and multiple ld(4)s
Next by Date: Re: current userland slapd no response
Previous by Thread: /usr/share/vi/catalog etcupdate vs. postinstall
Next by Thread: amd(8), external drive and mount parameters
Indexes:

Home | Main Index | Thread Index | Old Index