Re: Policy-based routing with ipf

To: Michael van Elst <mlelstv%serpens.de@localhost>
Subject: Re: Policy-based routing with ipf
From: Stephen Borrill <netbsd%precedence.co.uk@localhost>
Date: Mon, 8 Jul 2024 15:30:08 +0100 (BST)

On Thu, 4 Jul 2024, Michael van Elst wrote:

netbsd%precedence.co.uk@localhost (Stephen Borrill) writes:

  10.3.0.1 <-> NetBSD <-> 192.168.102.1
10.3.0.254 <-> filter <-> 192.168.102.254

My plan is to use policy-based routing to direct matched traffic back to
192.168.102.x via 10.3.0.254 (e.g. http or smb). I cannot work out how to
achieve this from the man page though.



Assuming the following interface names:

            wm0        wm1

  10.3.0.1 <-> NetBSD <-> 192.168.102.1


this should be:

pass out quick on wm1 to wm0:10.3.0.254 from 10.3.0.1 to 192.168.102.0/24

pass out quick on wm1               packets sent by wm1
to wm0:10.3.0.254                   redirect to wm0 with next hop 10.3.0.254
from 10.3.0.1                       if src is the NetBSD box
to 192.168.102.0/24                 and dst is on the other net

Thanks Michael, it was the "packets sent by wm1" bit I'd missed. Thisworks, I just had to put the rules early on in the ruleset because oflater rules akin to:


pass out quick on wm1 to 192.168.102.0/24
pass out quick on wm0 to 10.3.0.0.16

I needed to also add a corresponding pass in rule because of later rules

--
Stephen

References:
- Policy-based routing with ipf
  - From: Stephen Borrill
- Re: Policy-based routing with ipf
  - From: Michael van Elst

Prev by Date: Re: Policy-based routing with ipf
Next by Date: In-kernel PPPoE issues
Previous by Thread: Re: Policy-based routing with ipf
Next by Thread: In-kernel PPPoE issues
Indexes:

Home | Main Index | Thread Index | Old Index