Date: Mon, 4 Aug 2008 23:24:23 +0300
From: "Ismail OZATAY" <ismail@ismailozatay.net>
To: <freebsd-pf@freebsd.org>
Subject: About policy routing
Message-ID: <027A22408D9149A4B1A54CED20827F9F@pc>

Hi there,

Today I tried to set up policy routing with pf on a FreeBSD 7 server for my second internet connection but couldn't do it. My default gw is DSL and I want to use the leased line for the second connection. I do not know where the problem is. Here is my pf.conf file:

> ll="sk0"
> ll_gw="212.212.1.1"
> ll_ip="212.212.1.2"
>
> dmz="sk1"
> dmz_net="230.230.1.176/28"
> dmz_ip="230.230.1.177"
>
> dsl="rl0"
> dsl_gw="10.1.1.1"
> dsl_ip="10.1.1.2"
>
> int="sk2"
> int_net="10.10.10.0/24"
> int_ip="10.10.10.1"
>
> set optimization aggressive
> set skip on lo
>
> scrub in all
>
> nat on $dsl from $int_net to any -> $dsl_ip
>
> # Default block
> ###############
> block in log all
> block out log all
>
> antispoof quick for { lo $int $ll $dsl $dmz }
> pass out on $dsl inet proto tcp from $dsl to any keep state
> pass out on $dsl inet proto udp from $dsl to any keep state
> pass out on $ll inet proto tcp from $ll to any keep state
> pass out on $ll inet proto udp from $ll to any keep state
>
> pass in on $int inet proto tcp from $int_net to any port { http, https } flags S/SA keep state
> pass in on $int inet proto udp from $int_net to any port domain keep state
>
> pass in log on $dmz route-to($ll $ll_gw) inet proto tcp from $dmz_net to any port { http, https } flags S/SA keep state
> pass in log on $dmz route-to($ll $ll_gw) inet proto udp from $dmz_net to any port domain flags S/SA keep state

Can you correct me?

Thanks
ismail