- 论坛徽章:
- 0
|
难道是,我太弱了...
解决了 应该这样写...
pass out log on em0 route-to (em0 192.168.2.2) inet from 192.168.2.10 to 3.3.3.3 flags S/SA keep state
网站上写着
ROUTING
If a packet matches a rule with a route option set, the packet filter
will route the packet according to the type of route option. When such a
rule creates state, the route option is also applied to all packets
matching the same connection.
fastroute
The fastroute option does a normal route lookup to find the next
hop for the packet.
route-to
The route-to option routes the packet to the specified interface
with an optional address for the next hop. When a route-to rule
creates state, only packets that pass in the same direction as the
filter rule specifies will be routed in this way. Packets passing
in the opposite direction (replies) are not affected and are routed
normally.
reply-to
The reply-to option is similar to route-to, but routes packets that
pass in the opposite direction (replies) to the specified inter-
face. Opposite direction is only defined in the context of a state
entry, and reply-to is useful only in rules that create state. It
can be used on systems with multiple external connections to route
all outgoing packets of a connection through the interface the in-
coming connection arrived through (symmetric routing enforcement).
dup-to
The dup-to option creates a duplicate of the packet and routes it
like route-to. The original packet gets routed as it normally
would.
[ 本帖最后由 testab 于 2009-4-9 13:50 编辑 ] |
|