pf route-to only with multipath enabled?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

pf route-to only with multipath enabled?

Markus Rosjat
Hi there,

just to clarify this a rule in pf with the route-to keyword only works
when multipath routing is enable in sysctl.conf?

regards

--
Markus Rosjat    fon: +49 351 8107223    mail: [hidden email]

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT

Reply | Threaded
Open this post in threaded view
|

Re: pf route-to only with multipath enabled?

Stuart Henderson
On 2017-05-23, Markus Rosjat <[hidden email]> wrote:
> just to clarify this a rule in pf with the route-to keyword only works
> when multipath routing is enable in sysctl.conf?

You do not need net.inet.ip.multipath (or v6 equiv) to use a route-to rule,
only net.inet.ip.forwarding.

You do need a route table entry covering the destination (default or some
other route) otherwise the packet is dropped before it reaches PF.