tech-net archive
Re: Source address based routing with PF
On Mon, Jun 07, 2010 at 07:22:01PM +0100, Matthias Scheler wrote:
>
> Hello,
>
> I've got a machine with two IPv6 tunnels:
>
~~~
>
> The IPv6 default route points to 2001:6f8:900:954::1, the remote
> tunnel address of "gif0". I want to use PF to make sure that
> packets which use 2001:4dd0:ff00:1a4::2, the local tunnel address
> of "gif1", as the source address go out via "gif1". I cannot get
> this to work even with a very basic "pf.conf" which looks like this:
>
> pass in all
> pass out all
> pass out on gif0 route-to ( gif1 2001:4dd0:ff00:1a4::1 ) from 2001:4dd0:ff00:1a4::2 to any
>
> Any ideas where the problem is? I've tried switching the order of the
> last two rules but it didn't help.
>
> I'm using PF 4.2 under NetBSD 5.1_RC2.
>

This seems to work for me:

pass out route-to ($stf_if 2002:c058:6301::) from $stf_sn to !<my6nets>
pass out route-to $sixxs_if from $sixxs_sn to !<my6nets>
pass out route-to $he_if from $he_sn to !<my6nets>

My default route is to the remote address on $he_if.
Not sure what the key difference is though.

Jonathan Kollasch
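
A self-contained pf.conf in the form of the rules from the reply, using the tunnel addresses from the question. This is an added example, not part of either message, and the thread does not establish that it resolves the reported problem. The macro names and the contents of <my6nets> (a documentation prefix) are assumptions.

```pf
# Added example: source-address based routing for the second tunnel.
# Interface and addresses are taken from the question; macro names
# are hypothetical.
gif1_if  = "gif1"
gif1_gw  = "2001:4dd0:ff00:1a4::1"   # remote tunnel address of gif1
gif1_src = "2001:4dd0:ff00:1a4::2"   # local tunnel address of gif1

# Destinations that must NOT be forced out through the tunnel
# (local prefixes). Constructed value: 2001:db8::/32 is the IPv6
# documentation prefix; replace with the prefixes actually in use.
table <my6nets> const { 2001:db8:100::/48 }

pass in all
pass out all

# PF applies the last matching rule, so this rule overrides
# "pass out all" for packets sourced from the gif1 address.
# As in the reply, the rule has no "on <interface>" clause and
# excludes local destinations with !<my6nets>.
pass out route-to ($gif1_if $gif1_gw) inet6 from $gif1_src to !<my6nets>

# Checks after editing:
#   pfctl -nf /etc/pf.conf     parse the ruleset without loading it
#   pfctl -f /etc/pf.conf      load it
#   pfctl -sr                  list the loaded rules
#   tcpdump -n -i gif1 ip6     confirm packets from $gif1_src leave via gif1
```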