From: Wesley
To: freebsd-net@freebsd.org
Date: Mon, 24 Mar 2008 15:43:20 -0300
Subject: Re: route-to not working
In-Reply-To: <47E25F45.8010805@moneybookers.com>
References: <47E25F45.8010805@moneybookers.com>
List-Id: Networking and TCP/IP with FreeBSD

Stephan,

I tried to use your example, but the packet is replying to the wrong interface....

Do you think that it's a bug?

Best regards,
Wesley

On Thu, Mar 20, 2008 at 9:57 AM, Stefan Lambrev <stefan.lambrev@moneybookers.com> wrote:

> Greetings,
>
> Wesley wrote:
> > Dear people,
> >
> > I have 2 links on a box, and I don't want to load balance it but, only to
> > reply requests in the same interface that it comes.
> >
> > I tried to use the route-to, but it does not seem to work.
> >
> > Could you please give me a help?
> >
> I do not see where you use "reply-to" in your configuration
>
> But here is working example which you can improve of course.
>
> #dual home
> pass in on $ext_if1 reply-to ($ext_if1 $gw1) from any to $external_addr1 keep state
> pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
> pass in on $ext_if2 reply-to ($ext_if2 $gw2) from any to $external_addr2 keep state
> pass out on $ext_if1 route-to ($ext_if2 $gw1) from $external_addr2 to any
>
> #dual home ssh only
> pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
> pass out on $ext_if1 route-to ($ext_if2 $gw1) from $external_addr2 to any
> pass in on $ext_if1 reply-to ($ext_if1 $gw1) proto tcp from any to $external_addr1 port 22 keep state
> pass in on $ext_if2 reply-to ($ext_if2 $gw2) proto tcp from any to $external_addr2 port 22 keep state
>
> > It's my configuration:
> >
> > set skip on lo0
> > scrub on xl0 reassemble tcp no-df random-id
> > scrub on xl1 reassemble tcp no-df random-id
> > scrub on dc0 reassemble tcp no-df random-id
> > nat on xl0 from 172.16.0.0/24 to any -> (xl0) static-port
> > rdr on dc0 inet proto tcp to port 80 -> 127.0.0.1 port 3128 round-robin sticky-address
> > antispoof quick for {xl0,dc0,xl1}
> > block proto tcp from 172.16.0.0/24 to any port 3128
> > # Internal Traffic
> > pass in quick on dc0 from any to any
> > pass out quick on dc0 from any to any
> > # Outgoing
> > pass out on xl0 proto tcp all flags S/SA modulate state
> > pass out on xl0 proto { udp, icmp } all keep state
> > pass out on xl1 proto tcp all flags S/SA modulate state
> > pass out on xl1 proto { udp, icmp } all keep state
> > # Pass basic services
> > pass in quick on xl1 proto tcp from any to any port { 22, 21, 1194 } keep state
> > pass in quick on xl0 proto tcp from any to any port { 22, 21, 1194 } keep state
> > pass in on xl0 proto udp from any to any port 53
> > pass in on xl1 proto udp from any to any port 53
> > # Pass VPN
> > pass in quick on xl1 proto udp from any to port 1194 keep state
> > pass quick on tun0
> > # Source nat route
> > pass out log on xl0 route-to ( xl1 200.232.164.1 ) from xl1 to any
> > pass out on xl1 route-to ( xl0 201.83.16.1 ) from xl0 to any
> > # Close
> > block return-rst in log quick on xl0 inet proto tcp from any to any
> > block return-rst in log quick on xl1 inet proto tcp from any to any
> > block return-icmp in log quick on xl0 proto udp from any to any
> > block return-icmp in log quick on xl1 proto udp from any to any
> > block in quick on xl0 all
> > block in quick on xl1 all
> >
> > Best Regards,
> >
> > Wesley Gentine
>
> --
>
> Best Wishes,
> Stefan Lambrev
> ICQ# 24134177
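
An added example, not part of either poster's message: a small Python check run over a subset of the pf rules quoted in this thread. It lists which gateways each interface is paired with in route-to/reply-to options, and which `pass in` rules on those interfaces carry no reply-to. The function names, and the heuristic that an interface named in a routing option is an uplink, are assumptions of this example.

```python
import re
from collections import defaultdict

# pf routing option: "route-to (if gw)" or "reply-to (if gw)".
ROUTE_OPT = re.compile(r"\b(?:route-to|reply-to)\s*\(\s*(\S+)\s+(\S+?)\s*\)")
PASS_IN = re.compile(r"^pass\s+in\b.*?\bon\s+(\S+)")

# Rules copied from the two configurations quoted in the thread.
STEFAN_RULES = """\
pass in on $ext_if1 reply-to ($ext_if1 $gw1) from any to $external_addr1 keep state
pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
pass in on $ext_if2 reply-to ($ext_if2 $gw2) from any to $external_addr2 keep state
pass out on $ext_if1 route-to ($ext_if2 $gw1) from $external_addr2 to any
"""
WESLEY_RULES = """\
pass in quick on dc0 from any to any
pass in quick on xl1 proto tcp from any to any port { 22, 21, 1194 } keep state
pass in quick on xl0 proto tcp from any to any port { 22, 21, 1194 } keep state
pass out log on xl0 route-to ( xl1 200.232.164.1 ) from xl1 to any
pass out on xl1 route-to ( xl0 201.83.16.1 ) from xl0 to any
"""

def lint(ruleset):
    """Return (gateways seen per interface, 'pass in' uplink rules without reply-to)."""
    rules = [line.strip() for line in ruleset.splitlines() if line.strip()]
    gateways = defaultdict(set)
    for rule in rules:
        for iface, gw in ROUTE_OPT.findall(rule):
            gateways[iface].add(gw)
    # Heuristic (assumption): an interface named in a routing option is an uplink.
    missing = [rule for rule in rules
               if (m := PASS_IN.match(rule))
               and m.group(1) in gateways and "reply-to" not in rule]
    return dict(gateways), missing

def report(name, ruleset):
    """Render the findings as human-readable lines."""
    gateways, missing = lint(ruleset)
    out = [f"{name}: {iface} paired with gateways {sorted(gws)}"
           for iface, gws in sorted(gateways.items()) if len(gws) > 1]
    out += [f"{name}: no reply-to on: {rule}" for rule in missing]
    return out

if __name__ == "__main__":
    for name, rules in (("stefan", STEFAN_RULES), ("wesley", WESLEY_RULES)):
        print("\n".join(report(name, rules)))
```

On the quoted rules it reports `$ext_if2` paired with both `$gw1` and `$gw2`, and the two `pass in quick` rules on xl1 and xl0 that have no reply-to.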