From: Stefan Lambrev
Date: Thu, 20 Mar 2008 14:57:41 +0200
To: Wesley
Cc: freebsd-net@freebsd.org
Subject: Re: route-to not working

Greetings,

Wesley wrote:
> Dear people,
>
> I have 2 links on a box, and I don't want to load balance it, but only to
> reply to requests on the same interface that they come in on.
>
> I tried to use route-to, but it does not seem to work.
>
> Could you please give me some help?
>
I do not see where you use "reply-to" in your configuration.
But here is a working example, which you can improve of course.

#dual home
pass in on $ext_if1 reply-to ($ext_if1 $gw1) from any to $external_addr1 keep state
pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
pass in on $ext_if2 reply-to ($ext_if2 $gw2) from any to $external_addr2 keep state
pass out on $ext_if1 route-to ($ext_if2 $gw2) from $external_addr2 to any

#dual home ssh only
pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
pass out on $ext_if1 route-to ($ext_if2 $gw2) from $external_addr2 to any
pass in on $ext_if1 reply-to ($ext_if1 $gw1) proto tcp from any to $external_addr1 port 22 keep state
pass in on $ext_if2 reply-to ($ext_if2 $gw2) proto tcp from any to $external_addr2 port 22 keep state

> It's my configuration:
>
> set skip on lo0
> scrub on xl0 reassemble tcp no-df random-id
> scrub on xl1 reassemble tcp no-df random-id
> scrub on dc0 reassemble tcp no-df random-id
> nat on xl0 from 172.16.0.0/24 to any -> (xl0) static-port
> rdr on dc0 inet proto tcp to port 80 -> 127.0.0.1 port 3128 round-robin sticky-address
> antispoof quick for {xl0,dc0,xl1}
> block proto tcp from 172.16.0.0/24 to any port 3128
> # Internal Traffic
> pass in quick on dc0 from any to any
> pass out quick on dc0 from any to any
> # Outgoing
> pass out on xl0 proto tcp all flags S/SA modulate state
> pass out on xl0 proto { udp, icmp } all keep state
> pass out on xl1 proto tcp all flags S/SA modulate state
> pass out on xl1 proto { udp, icmp } all keep state
> # Pass basic services
> pass in quick on xl1 proto tcp from any to any port { 22, 21, 1194 } keep state
> pass in quick on xl0 proto tcp from any to any port { 22, 21, 1194 } keep state
> pass in on xl0 proto udp from any to any port 53
> pass in on xl1 proto udp from any to any port 53
> # Pass VPN
> pass in quick on xl1 proto udp from any to port 1194 keep state
> pass quick on tun0
> # Source nat route
> pass out log on xl0 route-to ( xl1 200.232.164.1 ) from xl1 to any
> pass out on xl1 route-to ( xl0 201.83.16.1 ) from xl0 to any
> # Close
> block return-rst in log quick on xl0 inet proto tcp from any to any
> block return-rst in log quick on xl1 inet proto tcp from any to any
> block return-icmp in log quick on xl0 proto udp from any to any
> block return-icmp in log quick on xl1 proto udp from any to any
> block in quick on xl0 all
> block in quick on xl1 all
>
> Best Regards,
>
> Wesley Gentine
>

--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
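The reply-to pattern from the reply above, applied to the interfaces and gateways that appear in the quoted configuration; this is an added example, not part of the original thread. The macro names follow the reply, the gateway values are read from the quoted route-to rules, and the `services` macro and the `($ext_ifN)` address form are assumptions made for the illustration.

```pf
# Macro names follow the reply; values come from the quoted route-to rules.
ext_if1  = "xl0"
gw1      = "201.83.16.1"      # next hop reached through xl0
ext_if2  = "xl1"
gw2      = "200.232.164.1"    # next hop reached through xl1
services = "{ 22, 21, 1194 }" # hypothetical macro for the quoted port list

# Before (rule from the quoted configuration): a state is created, but the
# replies follow the routing table and may leave through the other link.
# pass in quick on xl0 proto tcp from any to any port { 22, 21, 1194 } keep state

# After: reply-to pins the replies of each state to the link it arrived on.
pass in quick on $ext_if1 reply-to ($ext_if1 $gw1) proto tcp \
    from any to ($ext_if1) port $services keep state
pass in quick on $ext_if2 reply-to ($ext_if2 $gw2) proto tcp \
    from any to ($ext_if2) port $services keep state

# Traffic sourced from one link's address that the routing table sends out
# the other link is moved back to the matching interface and gateway.
pass out on $ext_if2 route-to ($ext_if1 $gw1) from ($ext_if1) to any
pass out on $ext_if1 route-to ($ext_if2 $gw2) from ($ext_if2) to any
```

The fragment can be syntax-checked without loading it by running `pfctl -nf` on a file that contains it.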