
Re: load balance (rdr) with tables



On Mon, Jan 17, 2005 at 07:29:02PM -0800, Gustavo A. Baratto wrote:
> Based on your rule, it works fine if I do this:
> rdr pass on $ext_if proto tcp from any to $ext_if port {25 80 110 143 443} -> <smtp> sticky-address
> 
> But if I do as specified in the pf FAQ, it doesn't:
> rdr pass on $ext_if proto tcp from any to any port {25 80 110 143 443} -> <smtp> sticky-address
> 
> Is this the correct behaviour? Tested on OpenBSD 3.6 as well with the same 
> results.

No, looks like a bug.

The difference between those two rules is that the first one (which
works) implicitly restricts the rule to one address family (IPv4). You
can achieve the same (without restricting the destination address) by
adding 'inet' before 'proto tcp'.

I guess when the rule is not restricted to IPv4 or IPv6 but applies to
both, the round-robin in the pool should loop only through the entries
of the appropriate family, matching the connection being redirected. A
table can contain both IPv4 and IPv6 addresses.

Daniel
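
The selection described in the reply above, as an added Python model (not part of the original message and not pf's code): a round-robin pool over a mixed IPv4/IPv6 table that only hands out entries of the connection's own family, with sticky-address, next to a family-blind round-robin for contrast. The class and function names and the table contents (documentation-range addresses) are constructed for this example.

```python
import ipaddress

# Constructed sample table mixing both families, as a pf table may.
SMTP_TABLE = ["192.0.2.10", "2001:db8::10", "192.0.2.11", "2001:db8::11"]


class FamilyAwarePool:
    """Round-robin pool that matches the redirect target's address
    family to the source's, remembering the choice per source (sticky)."""

    def __init__(self, table):
        self.by_family = {4: [], 6: []}
        for entry in table:
            addr = ipaddress.ip_address(entry)
            self.by_family[addr.version].append(addr)
        self.next_index = {4: 0, 6: 0}   # one round-robin cursor per family
        self.sticky = {}                 # source address -> chosen target

    def pick(self, src):
        src = ipaddress.ip_address(src)
        if src in self.sticky:
            return self.sticky[src]
        candidates = self.by_family[src.version]
        if not candidates:
            return None                  # no usable target for this family
        i = self.next_index[src.version]
        self.next_index[src.version] = i + 1
        target = candidates[i % len(candidates)]
        self.sticky[src] = target
        return target


def family_blind_mismatches(table, sources):
    """Count picks whose family differs from the source's when the
    round-robin walks every table entry regardless of family."""
    entries = [ipaddress.ip_address(e) for e in table]
    mismatches = 0
    for i, src in enumerate(sources):
        target = entries[i % len(entries)]
        if target.version != ipaddress.ip_address(src).version:
            mismatches += 1
    return mismatches


if __name__ == "__main__":
    pool = FamilyAwarePool(SMTP_TABLE)
    for s in ["198.51.100.7", "198.51.100.8", "2001:db8:ffff::1", "198.51.100.7"]:
        print(s, "->", pool.pick(s))
```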