Date: Thu, 17 Mar 2005 22:57:43 +0100
From: Hexren <me@hexren.net>
To: Ben Shelton <fbsd-pf@shelton.ca>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf route-to?
Message-ID: <4921720352.20050317225743@hexren.net>
In-Reply-To: <4239F7B8.7020101@shelton.ca>
References: <4239F7B8.7020101@shelton.ca>

> Hi all,
> I've got a little bit of an issue with pf and the route-to statement.
> We have 2 ISPs currently and I'd like to get both of the uplinks put on
> the freebsd box using pf to firewall/route for them. I have a couple
> route-to rules set up but they don't seem to do much. I'm sure I'm just
> missing some little detail here or misunderstanding exactly what
> route-to is doing but I can't find any examples.
> I've got:
> ISP1    ISP2
>   |      |
>    firewall
>       |
>  internal net
> So the internal net has hosts on both ISP1 and ISP2's subnets and
> therefore has traffic to/from both ISPs travelling on it. The firewall
> is the default router for both internal subnets (via aliases on the
> interface). I have the pf rules:
> pass in quick on $inside_int route to ( $ISP1_int $ISP1_router ) inet
> proto icmp from $ISP1_inside_net to any keep state
> pass out quick on $ISP1_int route to ( $ISP1_int $ISP1_router ) inet
> proto icmp from $ISP1_inside_net to any keep state

---------------------------------------------

Many things you can do :)

Have you read http://www.openbsd.org/faq/pf/pools.html ?

Then try only the rule

"pass in quick on $inside_int route to ( $ISP1_int $ISP1_router ) \
proto icmp from $ISP1_inside_net to any keep state"

Try adding log options to the rules and start listening on pflog0 to see where
your packets are going.

Regards
Hexren
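
The troubleshooting step suggested in the reply above, written out as an added example that is not part of the original message or of either poster's configuration. The interface names and addresses are constructed placeholders (documentation ranges), and the rule uses pf's hyphenated `route-to` keyword.

```pf
# /etc/pf.conf fragment (added example; all values below are constructed)
inside_int      = "fxp0"            # assumed internal interface
ISP1_int        = "fxp1"            # assumed ISP1 uplink interface
ISP1_router     = "192.0.2.1"       # assumed ISP1 next hop
ISP1_inside_net = "192.0.2.128/25"  # assumed internal subnet on ISP1 space

# Only the inbound rule, with "log" added so matching packets are
# copied to the pflog0 interface. Because the rule keeps state, only
# the packet that creates the state is logged, not every packet of
# the flow.
pass in log quick on $inside_int route-to ( $ISP1_int $ISP1_router ) \
    inet proto icmp from $ISP1_inside_net to any keep state

# Check the syntax, then load the ruleset:
#   pfctl -nf /etc/pf.conf
#   pfctl -f  /etc/pf.conf
#
# Watch which rule and interface each logged packet matched
# (-e prints the pf header: rule number, action, direction, interface):
#   tcpdump -n -e -ttt -i pflog0 icmp
#
# Confirm on the uplink itself that the pings leave via ISP1:
#   tcpdump -n -i fxp1 icmp
#
# Inspect the states the rule created:
#   pfctl -ss
```

If nothing shows up on pflog0 while pinging from a host in `$ISP1_inside_net`, the rule is not matching at all, which points at an earlier `quick` rule or a wrong macro value rather than at `route-to`.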