policy route for locally originating traffic

Rolf
Hello

I’m new to pf and am using it on OS X 10.11.

When I have my OS X host connected to two networks, say Wifi and a wired ethernet, I’d like to arrange for specific services to specific destinations to be directed to the wifi network, while the ethernet carries other traffic.

No matter what combination I try with pfctl I cannot make it work.

In the documentation there is the - correct - implication that all routing is defined as traffic arriving on one interface and leaving on another, which is not the case when I am using a single OS X host. So I’m tempted to think this rather perverted use of routing is simply not possible with pf.

I’ve tried many combinations but typically they are variations on this:

pfctl pass route-to ($device $gateway) from any to $destinationNetwork $service

I’ve tried explicitly stating interfaces and their direction (in, out) as well as stating the tcp protocol. I’ve simplified further, leaving out the service involved; I’ve also tried using the reply-to command but I don’t believe I need that.

I know the config has an effect usually by my tests breaking all connectivity...

So I’d be very appreciative if I can be shown a way to set up the above config, so I can get access to particular services via one interface while everything else goes via the other. Or to say it's not possible.

Thanks very much,

r.

Re: policy route for locally originating traffic

Wayne Cuddy
Hi Rolf,

I've not done this myself with OpenBSD but I have on Linux. OpenBSD
can accomplish this as well but not with just pf alone.

I believe what you should look into is "routing domains". A Google
search "openbsd routing domains" should provide you with what you are
looking for.

Hope that helps,
Wayne

On Mon, Dec 14, 2015 at 12:27:27PM +1100, Rolf wrote:

> Hello
>
> I’m new to pf and am using it on OS X 10.11.
>
> When I have my OS X host connected to two networks, say Wifi and a wired ethernet, I’d like to arrange for specific services to specific destinations to be directed to the wifi network, while the ethernet carries other traffic.
>
> No matter what combination I try with pfctl I cannot make it work.
>
> In the documentation there is the - correct - implication that all routing is defined as traffic arriving on one interface and leaving on another, which is not the case when I am using a single OS X host. So I’m tempted to think this rather perverted use of routing is simply not possible with pf.
>
> I’ve tried many combinations but typically they are variations on this:
>
> pfctl pass route-to ($device $gateway) from any to $destinationNetwork $service
>
> I’ve tried explicitly stating interfaces and their direction (in, out) as well as stating the tcp protocol. I’ve simplified further, leaving out the service involved; I’ve also tried using the reply-to command but I don’t believe I need that.
>
> I know the config has an effect usually by my tests breaking all connectivity...
>
> So I’d be very appreciative if I can be shown a way to set up the above config, so I can get access to particular services via one interface while everything else goes via the other. Or to say it's not possible.
>
> Thanks very much,
>
> r.
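The routing-domain setup Wayne points to, sketched here as an added example for OpenBSD (not OS X, and not configuration posted by either participant); interface names, addresses and the domain number are assumptions:

```conf
# /etc/hostname.iwn0: the wifi uplink, moved into routing domain 1
# (interface names, addresses and the domain number are assumed values)
rdomain 1
inet 192.168.2.10 255.255.255.0
!route -T 1 add default 192.168.2.1

# /etc/hostname.em0: the wired uplink stays in the default routing domain 0,
# so every process not started otherwise keeps using it
inet 192.168.1.10 255.255.255.0
!route add default 192.168.1.1
```

The rdomain line must come before the address lines. A client that should leave via the wifi path is then started inside domain 1 with `route -T 1 exec <command>`, so the split is per process rather than per destination, and everything not started that way keeps the wired default.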