Hi,
I have a server installed with FreeBSD 8.2 and PF. I have 1 IP and 2 failover IPs. Both are bound on 1 physical interface (em0). The server holds two jails, both use a local IP bound on the loopback. I have a NAT rule to give them Internet connectivity. I can't bind the jails on those "failover" IPs as by nature this IP may not be routed on the server. I wish to create a rule to route traffic from 1 jail IP (e.g. 10.0.0.1) to 1 failover IP (e.g. 2.2.2.2).
For test purposes I bound a jail directly on a failover IP, and it worked. Then I rebound it on a local IP.
After some research I tried this kind of rule:
Code:
pass in on lo0 route-to (em0 2.2.2.2) from 192.168.0.1
but packets are still routed via the default gateway.
Here is my current pf.conf file:
Code:
ext_if="em0"
int_if="lo0"
host_ext_ip="1.1.1.1"
#failover IP 1
confront_fo_ip="2.2.2.2"
#local jail IP 1
confront_jail_ip="192.168.0.3"
#failover IP 2
dbowl_fo_ip="3.3.3.3"
#local jail IP 2
dbowl_jail_ip="192.168.0.2"
set skip on lo
scrub in all
nat on $ext_if from $int_if to any -> ($ext_if)
block in
pass out keep state
antispoof quick for { lo $ext_if }
pass in on $int_if route-to ($ext_if $confront_fo_ip) from $confront_jail_ip
pass in on $ext_if inet proto tcp from any to $host_ext_ip port 22 flags S/SA keep state
pass in on $ext_if inet proto icmp from any to any keep state
I have been reading up to understand exactly how rules/nat/routing interact with each other, but I must admit I'm a bit lost.
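Added example, not the poster's config: in PF, route-to only selects the outgoing interface and next hop and never rewrites the source address, and with "set skip on lo" no filter rule on lo0 (including a "pass in on lo0 route-to ..." rule) is ever evaluated, so the usual way to make one jail's traffic leave with a given public address is a jail-specific nat rule placed before the catch-all. It reuses the names and addresses from the post above and assumes 2.2.2.2 is configured as an alias on em0, as it was in the poster's test where the jail was bound to the failover IP directly.

```pf
# Added example (not the poster's pf.conf): one jail gets its own public source IP.
# Assumption: 2.2.2.2 is an alias on em0 so the gateway can deliver return traffic.
ext_if="em0"
int_if="lo0"
host_ext_ip="1.1.1.1"
#failover IP 1 and the jail that should appear as it
confront_fo_ip="2.2.2.2"
confront_jail_ip="192.168.0.3"

# Filtering is disabled on lo0, so nothing can be done with "pass in on lo0" rules;
# the translation has to happen where the packet leaves: on $ext_if.
set skip on lo
scrub in all

# Translation rules are evaluated first-to-last and the first match wins
# (the opposite of filter rules), so the jail-specific nat must precede the
# catch-all; otherwise every jail keeps being translated to ($ext_if).
nat on $ext_if from $confront_jail_ip to any -> $confront_fo_ip
nat on $ext_if from $int_if to any -> ($ext_if)

block in
pass out keep state
antispoof quick for { lo $ext_if }
pass in on $ext_if inet proto tcp from any to $host_ext_ip port 22 flags S/SA keep state
pass in on $ext_if inet proto icmp from any to any keep state
```

After loading the file, "pfctl -s nat" shows the two translation rules in that order, and "pfctl -s state" should list the jail's outbound connections translated to 2.2.2.2 rather than 1.1.1.1.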