From: Michael MacLeod
Date: Thu, 20 Sep 2012 13:25:50 -0400
To: Michael Pounov
Cc: freebsd-net@freebsd.org
Subject: Re: Multiroute question
In-Reply-To: <20120920180115.ede9a2b8.misho@elwix.org>
References: <505B2555.40704@doblej.net> <20120920180115.ede9a2b8.misho@elwix.org>
List-Id: Networking and TCP/IP with FreeBSD

Actually, multiple routing tables is the correct solution. I documented it
here:
http://www.mmacleod.ca/blog/2011/06/source-based-routing-with-freebsd-using-multiple-routing-table/

From the post:

"... But route-to and reply-to do not trump the default routing table for
traffic that originates or terminates on the router itself. They are useful
only for traffic passing through the router. pf can only make routing
decisions when a packet passes through an interface. It can try and set the
reply-to interface to be the second WAN connection when an inbound SSH
connection is made, but neither the SSH daemon nor the routing table on the
host know or care about the routing preferences of pf."

On Thu, Sep 20, 2012 at 11:01 AM, Michael Pounov wrote:

> Hi, Juan
>
> Use pf like in that simple example:
>
> dsl_if = "CardA"
> int_if = "CardB"
> dsl_addr = "_dsl_if_ip_"
> int_addr = "_int_if_ip_"
> dsl_gw = "_dsl_gw_ip_"
> int_gw = "_int_gw_ip_"
>
> set state-policy if-bound
>
> # .... blah blah blah whatever rules ...
>
> pass out on $dsl_if route-to ($int_if $int_gw) from $int_if no state
> pass out on $int_if route-to ($dsl_if $dsl_gw) from $dsl_if no state
>
> # End pf example ;)
>
> On Thu, 20 Sep 2012 16:16:53 +0200
> Juan José Sánchez Mesa wrote:
>
> > Hi!
> >
> > (sorry for my bad English)
> >
> > I have a FreeBSD machine (8.2-RELEASE-p3). The machine has two ethernet
> > cards, configured in this way:
> >
> > - Card A: internet IP address
> > - Card B: intranet IP address
> >
> > Default route goes via card A.
> >
> > Now, on the intranet I have a "normal" DSL router. Then, using NAT I've
> > forwarded a simple port from the DSL to the intranet IP of this machine.
> >
> > The incoming packets from the DSL come OK to the machine (via card B),
> > but the outgoing packets go to card A, due to the default route.
> >
> > Is there a way to configure the network so that outgoing packets go to
> > the card from where the incoming packets arrived?
> >
> > Or is this impossible to configure?
> >
> > Thanks!!!
> >
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
> --
> Best Regards,
>
> Michael Pounov
> ELWIX - embedded lightweight unix -
>
> WWW: http://www.elwix.org/
> EMail: misho@elwix.org
> Skype: mpunov
> XMPP: misho@aitnet.org
> Phone: +359 888 737358; +359 899 737358
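
The multiple-routing-table approach recommended in the reply above, as an added example that is not part of the original message or the linked blog post: a script that validates its inputs and prints the setfib(1) commands giving a second table (FIB) its own default route and starting a locally terminated service against that table. Assumptions: the kernel offers more than one FIB (on 8.x that means a kernel built with `options ROUTETABLES=2`), FIB 1 is free, the service listens only on the intranet address, and the addresses and sshd command line are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and the sshd command line are
# constructed sample values; FIB 1 is assumed to exist (net.fibs > 1).

# fib_count: how many routing tables (FIBs) the running kernel offers.
fib_count() {
    n=$(sysctl -n net.fibs 2>/dev/null) || n=1
    echo "${n:-1}"
}

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
# Runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# fib_plan FIB GATEWAY COMMAND...: print, one per line, the commands that
# give table FIB its own default route and start COMMAND bound to that table.
fib_plan() {
    [ $# -ge 3 ] || { echo "usage: fib_plan FIB GATEWAY COMMAND..." >&2; return 2; }
    fib=$1 gw=$2
    shift 2
    case "$fib" in ''|*[!0-9]*) echo "bad FIB number: $fib" >&2; return 2 ;; esac
    [ "$fib" -ge 1 ] || { echo "FIB 0 is the default table" >&2; return 2; }
    valid_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 2; }
    echo "setfib $fib route add default $gw"   # default route in table FIB only
    echo "setfib $fib netstat -rn"             # inspect that table
    echo "setfib $fib $*"                      # service looks up routes in FIB
}

# Intranet-side service: replies leave via the DSL router (192.168.1.1),
# while everything else keeps using the default route in table 0.
[ "$(fib_count)" -gt 1 ] || echo "note: kernel reports a single FIB" >&2
fib_plan 1 192.168.1.1 /usr/sbin/sshd -o ListenAddress=192.168.1.10
```

The script only prints the plan; the printed commands are meant to be run as root on the FreeBSD host once the output has been reviewed.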