From: Sean Leach
To: freebsd-pf@freebsd.org
Date: Tue, 6 Sep 2005 07:54:11 -0700
Message-ID: <456664705090607545972d483@mail.gmail.com>
Subject: PF and load balancing outgoing connections issue

Hey all,

Using FreeBSD 5.3 release #1, I am having some troubles getting outgoing load balancing working with PF.
It actually works fine for NAT'd outbound connections, but when packets come IN, they get balanced going back out, which leads them to take the wrong path back to the source. I am sure it's something silly I am doing. I have some servers in the LAN I am doing 1-1 NAT'ing with redirects.

Here is the setup.

LAN -> FreeBSD Gateway -> cable -> DSL

Here are my relevant config entries:

int_net="192.168.1.0/24"

pass out on $int_if from any to $int_net
pass in quick on $int_if from $int_net to $int_if
pass in on $int_if route-to \
    { ($dsl_if $dsl_gw), ($cable_if $cable_gw) } round-robin \
    from $int_net to any keep state

pass out on $dsl_if route-to ($cable_if $cable_gw) from $cable_if to any
pass out on $cable_if route-to ($dsl_if $dsl_gw) from $dsl_if to any

So if I send a web request to one of the 1-1 NAT'd machines from outside the network, it will go in the DSL interface, and half the time the reply will go out the DSL interface. Sometimes though, I see the packet go out the cable interface instead; this is when it doesn't work.

Any thoughts/tips I should be aware of? This is my first time doing this so I am definitely a n00b :)

Thanks!