I've got an OpenBSD 6.0 box running as a router / firewall. It's got three physical network connections and one GRE tunnel:
- em0: Internet (routing domain 0)
- em1: Internal LAN private IPs (routing domain 0)
- em2: Server network public IPs (routing domain 2)
- gre0: Tunnel delivering connectivity to em2 (routing domain 2)

The Internet and private LAN are a standard setup with NAT. The GRE tunnel comes in over the Internet connection (routing domain 0) but the tunneled traffic is in routing domain 2. The IP range on em2 has a route back through the GRE tunnel to the Internet.
When I download a file from one of my servers from my LAN, it goes out via the Internet, back in through the tunnel and then onto em2. This actually works well, but given that the server is only a few feet away from me, and that my internal link is much faster than going via the Internet, I'd like the router to simply handle it internally.
I've tried a number of different tutorials (they were for older versions of PF) as well as plain out fiddling about, but I've not had much luck.
So the question is, how can I configure PF so that I can jump between the routing domains and remove the need to go via the Internet for what is a locally connected device?
Can anyone steer me in the right direction?