Date: Thu, 17 Mar 2005 22:57:43 +0100
From: Hexren <me@hexren.net>
To: Ben Shelton <fbsd-pf@shelton.ca>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf route-to?
Message-ID: <4921720352.20050317225743@hexren.net>
In-Reply-To: <4239F7B8.7020101@shelton.ca>

> Hi all,
> I've got a little bit of an issue with pf and the route-to statement.
> We have 2 ISPs currently and I'd like to get both of the uplinks put on
> the freebsd box using pf to firewall/route for them. I have a couple
> route-to rules set up but they don't seem to do much. I'm sure I'm just
> missing some little detail here or misunderstanding exactly what
> route-to is doing but I can't find any examples.
> I've got:
>   ISP1    ISP2
>     |      |
>     firewall
>        |
>   internal net
> So the internal net has hosts on both ISP1 and ISP2's subnets and
> therefore has traffic to/from both ISPs travelling on it. The firewall
> is the default router for both internal subnets (via aliases on the
> interface). I have the pf rules:
> pass in quick on $inside_int route-to ( $ISP1_int $ISP1_router ) inet
> proto icmp from $ISP1_inside_net to any keep state
> pass out quick on $ISP1_int route-to ( $ISP1_int $ISP1_router ) inet
> proto icmp from $ISP1_inside_net to any keep state
---------------------------------------------

Many things you can do :)
Have you read http://www.openbsd.org/faq/pf/pools.html ?
Then try only the rule
"pass in quick on $inside_int route-to ( $ISP1_int $ISP1_router ) \
proto icmp from $ISP1_inside_net to any keep state"

Try adding log options to the rules and start listening on pflog0 to see where
your packets are going.

Regards
Hexren
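
The logging step suggested in the reply, written out as a pf.conf fragment. This is an added example, not part of the original message; the interface names and addresses are constructed placeholders (documentation address ranges), and only the macro names and the rule itself come from the thread.

```conf
# Constructed placeholder values; substitute your own interfaces and addresses.
inside_int      = "em0"
ISP1_int        = "em1"
ISP1_router     = "192.0.2.1"
ISP1_inside_net = "198.51.100.0/24"

# The single rule from the reply, with "log" added. Because the rule keeps
# state, plain "log" records only the packet that creates the state entry.
pass in log quick on $inside_int route-to ( $ISP1_int $ISP1_router ) \
    proto icmp from $ISP1_inside_net to any keep state

# Check the syntax without loading the ruleset:
#   pfctl -nf /etc/pf.conf
# Load it:
#   pfctl -f /etc/pf.conf
# Watch what pf logs; -e prints the pflog header (rule number, action,
# direction, interface) for each packet:
#   tcpdump -n -e -ttt -i pflog0
# Compare with what actually leaves on the ISP1 uplink:
#   tcpdump -n -i em1 icmp
```

If the pflog0 capture shows the rule matching but nothing appears on the uplink interface, the packets are being matched and then routed somewhere other than where the rule intends.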
