Re: My problem of pf rule

["Travis H." <solinym_(_at_)_gmail_(_dot_)_com>]

> let's put aside the subnet routing env.s the int are in and the routing
> table of host is like this, if the dest IP of packet is in <set0> then
> it's forwarded to em0, if is in <set1> then em1. I turn on NAT on em0.
>
> there are two questions left:
> 1. I wanna employ a flow control for the two fxp int on em0 other than.
> cuz NAT is applying on em0, I can't describe the flow of the two fxp int
> using 'on em0' respectively. I describe them on their source int like this:
>
> pass in on fxp0 inet from <fxp0_ip> to <set0> queue queue0
> pass in on fxp0 inet from <fxp1_ip> to <set1> queue queue1

What's "a flow control"?  I don't see why you can't specify "on em0",
even when NAT is in use.

> 2. The host itself may also send data by em0 using the IP of em0, how
> can I describe this flow? Using cbq(default) or whatever?

How about:
pass out on em0 from (em0) to any

This notation for use with dynamic IPs is described in the FAQ:
http://www.openbsd.org/faq/pf/
--
http://www.lightconsulting.com/~travis/  -><- Knight of the Lambda Calculus
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
_______________________________________________
freebsd-pf_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe_(_at_)_freebsd_(_dot_)_org"