From owner-freebsd-pf@FreeBSD.ORG Tue Jun 10 15:07:46 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AE703106566C for ; Tue, 10 Jun 2008 15:07:46 +0000 (UTC) (envelope-from swp@swp.pp.ru) Received: from mx1-ttk.uni-altai.ru (mx1-ttk.uni-altai.ru [81.1.237.194]) by mx1.freebsd.org (Postfix) with ESMTP id E007E8FC16 for ; Tue, 10 Jun 2008 15:07:45 +0000 (UTC) (envelope-from swp@swp.pp.ru) Received: from bspu.secna.ru (mail2.uni-altai.ru [10.250.2.12]) by mx1-ttk.uni-altai.ru (8.14.2/8.14.2) with ESMTP id m5AEb8AT041061 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 10 Jun 2008 21:37:09 +0700 (NOVST) (envelope-from swp@swp.pp.ru) Received: from swp.pp.ru (swp-bb0.uni-altai.ru [10.250.10.5]) by bspu.secna.ru (8.14.2/8.14.2) with ESMTP id m5AEi0IC026183 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Tue, 10 Jun 2008 21:44:01 +0700 (NOVST) (envelope-from swp@swp.pp.ru) Received: from swp.pp.ru (localhost [127.0.0.1]) by swp.pp.ru (8.14.2/8.14.2) with ESMTP id m5AEb7Pw099092 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 10 Jun 2008 21:37:07 +0700 (NOVST) (envelope-from swp@swp.pp.ru) Received: (from swp@localhost) by swp.pp.ru (8.14.2/8.14.2/Submit) id m5AEb74t099091 for freebsd-pf@freebsd.org; Tue, 10 Jun 2008 21:37:07 +0700 (NOVST) (envelope-from swp) Date: Tue, 10 Jun 2008 21:37:07 +0700 From: "mitrohin a.s." To: freebsd-pf@freebsd.org Message-ID: <20080610143707.GA99039@swp.pp.ru> Mail-Followup-To: freebsd-pf@freebsd.org References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.17 (2007-11-01) X-Virus-Scanned: ClamAV version 0.92.1, clamav-milter version 0.92.1 on main.uni-altai.ru X-Virus-Scanned: ClamAV version 0.92.1, clamav-milter version 0.92.1 on bspu.secna.ru X-Virus-Status: Clean X-Milter: Spamilter (Reciever: ns1.uni-altai.ru; Sender-ip: 10.250.2.12; Sender-helo: bspu.secna.ru; ) Subject: Re: multi gateways setup X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: swp@swp.pp.ru List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jun 2008 15:07:46 -0000 On Tue, Jun 10, 2008 at 05:46:11PM +0800, Rosli Sukri wrote: > hi > > scenario: > users---->[lan]freebsdpf[wan]----->{gw1,gw2} > where gw1 goes to isp1, and gw2 goes to isp2. > > > requirements: > ftp, http, https traffic goes to gw1 > telnet, ssh, mail and pop goes to gw2 > > can freebsdpf do this? > nat from any to any port = { ftp http https } tag W1 -> (wan1) nat from any to any port = { telnet ssh mail pop } tag W2 -> (wan2) set skip on lan0 pass quick on wan1 tagged W1 keep state pass quick route-to (wan1 gw1) tagged W1 keep state pass quick on wan2 tagged W2 keep state pass quick route-to (wan2 gw2) tagged W2 keep state /swp