
Re: arp and PF's reply-to feature

Michael Shuldman wrote,
> Hello, I'm having a problem with using reply-to to route
> reply packets out the same interface they came in on.
> I have a
>     pass in on external_interface reply-to 
>     { external_interface external_router } ... keep state
> "external_interface" and "external_router" is the same interface/router
> the packet came in from.
> Whenever a packet matches this rule, the kernel complains that it
> can't add an arp entry for the outside address.  Why does it try
> to add an arp entry for that address?  The same happens if I
> use "route-to" and change the rules accordingly.

Thanks for the responses.  Christopher Pascoe was spot-on.  This
was due to me using '{' by mistake, rather than '('.  This
made the above rule expand to two rules, one with the interface,
the other with the router, rather than the intended one rule with
an interface and router.

  _ // 
  \X/ -- Michael Shuldman <michaels_(_at_)_inet_(_dot_)_no>
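
A heuristic check for the mistake resolved in this thread, as an added example that is not part of the original posts: it flags `route-to`, `reply-to` and `dup-to` brace lists containing elements that are not parenthesized `(interface gateway)` pairs. The sample ruleset, the macro names `ext_if` and `ext_gw`, the interface names and the addresses are constructed, and the check assumes one rule per line.

```python
import re

# Routing options followed directly by a brace list.
ROUTE_OPT = re.compile(r'\b(route-to|reply-to|dup-to)\s*\{([^}]*)\}')

def find_unpaired_route_lists(pf_conf_text):
    """Return (line_no, option, list_body) for each brace list that holds
    an element not wrapped in a "(interface gateway)" pair."""
    findings = []
    for line_no, line in enumerate(pf_conf_text.splitlines(), 1):
        rule = line.split('#', 1)[0]  # ignore trailing comments
        for m in ROUTE_OPT.finditer(rule):
            body = m.group(2)
            # Strip every "(...)" pair; any token left over is a bare element.
            leftover = re.sub(r'\([^)]*\)', '', body).replace(',', ' ').split()
            if leftover:
                findings.append((line_no, m.group(1), body.strip()))
    return findings

# Constructed sample ruleset (hypothetical macros and addresses).
SAMPLE = """\
ext_if = "fxp0"
ext_gw = "192.0.2.1"
pass in on $ext_if reply-to { $ext_if $ext_gw } proto tcp from any to any keep state
pass in on $ext_if reply-to ($ext_if $ext_gw) proto tcp from any to any keep state
pass in on $ext_if route-to { ($ext_if $ext_gw), (fxp1 198.51.100.1) } round-robin proto tcp from any to any keep state
"""

if __name__ == "__main__":
    for line_no, option, body in find_unpaired_route_lists(SAMPLE):
        print(f"line {line_no}: {option} {{ {body} }} has bare list elements; "
              f"was ({body}) intended?")
```

Only the rule on line 3 of the sample is reported; the single parenthesized pair and the brace list of parenthesized pairs pass.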
