tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Source address based routing with PF
Hello,
I've got a machine with two IPv6 tunnels:
gif0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1480
tunnel inet 1.2.3.4 --> 5.6.7.8
inet6 2001:6f8:10e5::1 -> 2001:6f8:900:954::1 prefixlen 128
inet6 fe80::211:2fff:fe8e:931%gif0 -> prefixlen 64 scopeid 0x3
inet6 2001:6f8:10e5::2 -> prefixlen 128
inet6 2001:6f8:10e5::3 -> prefixlen 128
inet6 2001:6f8:10e5::4 -> prefixlen 128
inet6 2001:6f8:10e5::5 -> prefixlen 128
inet6 2001:6f8:900:954::2 -> prefixlen 128
gif1: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1480
tunnel inet 1.2.3.4 --> 9.10.11.12
inet6 2001:4dd0:ff00:1a4::2 -> 2001:4dd0:ff00:1a4::1 prefixlen 128
inet6 fe80::211:2fff:fe8e:931%gif1 -> prefixlen 64 scopeid 0x6
The IPv6 default route points to 2001:6f8:900:954::1, the remote
tunnel address of "gif0". I want to use PF to make sure that
packets which use 2001:4dd0:ff00:1a4::2, the local tunnel address
of "gif1", as the source address go out via "gif1". I cannot get
this to work even with a very basic "pf.conf" which looks like this:
pass in all
pass out all
pass out on gif0 route-to ( gif1 2001:4dd0:ff00:1a4::1 ) from
2001:4dd0:ff00:1a4::2 to any
Any ideas where the problem is? I've tried switching the order of the
last two rules but it didn't help.
I'm using PF 4.2 under NetBSD 5.1_RC2.
Kind regards
--
Matthias Scheler http://zhadum.org.uk/
Home |
Main Index |
Thread Index |
Old Index