From: Matthew Seaman
Date: Fri, 08 Feb 2008 14:00:08 +0000
To: FreeBSD Questions
Subject: Re: pf.conf for variable interfaces

Chad Perrin wrote:
> I'm setting up PF on a FreeBSD laptop that sometimes uses the wireless
> device (iwi0) as its external interface, and sometimes uses the RJ-45
> ethernet device (bge0) as its external interface. Unfortunately, I
> haven't figured out yet how to make that happen.
>
> I'd like to be able to have the $ext_if value change depending on which
> interface is active and being used to connect to the outside world. Do I
> just need to create two full sets of rules in my pf.conf (or use a script
> to rewrite that file from scratch each time), even though I'll be using
> exactly the same rules for PF regardless of which interface I'm using, or
> is there some simple way to avoid that sort of redundancy? What am I
> overlooking?
>

You might be able to use link aggregation to make this work. See lagg(4)
-- there's an example in there of automatic fail-over between a wireless
and a wired interface. Assuming that your wireless and wired interfaces
would all sit on the same network and you can move the IP from one to the
other, it should work.

In pf.conf you'd need to set:

    ext_if="(lagg0)"

(The brackets are important if the IP is dynamically assigned and could
change)

Completely untried, but I think this should work.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
Flat 3, 7 Priory Courtyard, Ramsgate, Kent, CT11 9PW, UK
PGP: http://www.infracaninophile.co.uk/pgpkey
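
A pf.conf sketch of the lagg0 approach suggested above, added here as an example; it is not taken from the post or from lagg(4). It assumes lagg0 already exists as a failover aggregate of bge0 and iwi0, keeps the macro as the bare interface name, and writes the parentheses at each address use; the rules themselves are constructed for illustration.

```conf
# /etc/pf.conf -- constructed example, one ruleset for wired and wireless
#
# Assumption: lagg0 is a lagg(4) failover interface with bge0 and iwi0
# as its ports, so PF only ever sees a single external interface.
ext_if = "lagg0"

# Options
set skip on lo0                 # no filtering on loopback

# Normalization
scrub in on $ext_if all

# Filtering: default deny, logged so dropped traffic shows up on pflog0
block log all

# ($ext_if) in an address position makes PF track the interface's
# current address and update the rule when it changes (for example
# after a new DHCP lease), instead of fixing it at load time.
pass out on $ext_if inet proto { tcp, udp, icmp } \
    from ($ext_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which is a quick way to check the ruleset before enabling it.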