PF Source routing of IPSEC tunnel ESP packets.
- From: Tom Judge <tom@xxxxxxxxxxxx>
- Date: Thu, 08 Feb 2007 11:09:56 +0000
Hi,
I am having some problems with source routing using PF. I tried the PF mailing list but got no responses.
The network layout is available at: http://www.tomjudge.com/tmp/tunnels.png
From the diagram, Host A and B both have their default gateway set as ISP A's router, and have a PF rule that should route traffic from ISP B's addresses to ISP B's router. This seems to work for all traffic except the IPSEC ESP packets, which always get transmitted to the default gateway that is set on the host. It seems that they do not pass through the firewall or for some reason do not match the route-to rule. Can anyone suggest a solution to this problem?
PF rule Host A: (First rule in rule set)
pass out quick on bge1 route-to ( bge1 112.0.0.1 ) inet from 112.0.0.2 to ! 112.0.0.0/27 keep state
PF rule Host B: (First rule in rule set)
pass out quick on bge1 route-to ( bge1 114.0.0.1 ) inet from 114.0.0.2 to ! 114.0.0.0/27 keep state
Thanks
Tom
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"