Date: Mon, 24 Jan 2005 16:43:59 -0700
From: "Stephane Raimbault" <segr@hotmail.com>
To: freebsd-pf@freebsd.org
Subject: RE: route-to rule.
Message-ID: <BAY24-F8DE8D876106F2F081BB91CC850@phx.gbl>
Hi, I also have some binats set up for some servers, however they are only
on one interface... Can I simply add these binat rules to the suggested
pf.conf file?
binat on $ext_if1 from $server1_int to any -> $server1_out
binat on $ext_if1 from $server2_int to any -> $server2_out
where server?_int = internal IP and server?_out = public IP?
Thanks,
Stephane.
----------
try this one:
set state-policy if-bound
lan = <lan_nic>
ext_if1 = <your_ext_nic1>
ext_if2 = <your_ext_nic2>
gw1 = <your_gw1>
gw2 = <your_gw2>
1 = "(" $ext_if1 $gw1 ")"
2 = "(" $ext_if2 $gw2 ")"
nat on $ext_if1 from $internal_net to any -> ($ext_if1)
nat on $ext_if2 from $internal_net to any -> ($ext_if2)
#local
pass in quick on $lan inet from $lan:network to $lan keep state
pass out quick on $lan inet from $lan to $lan:network keep state
#wans
pass in on $ext_if1 tag $ext_if1 keep state
pass out on $lan reply-to $1 tagged $ext_if1 keep state
pass in on $ext_if2 tag $ext_if2 keep state
pass out on $lan reply-to $2 tagged $ext_if2 keep state
# balance
pass in on $lan route-to { $0 $1 } round-robin keep state
#OUT
pass out on $ext_if1 route-to $0 keep state
pass out on $ext_if1 route-to $1 keep state
and tell us if it worked for you.
Chris.
----- Original Message -----
From: "Stephane Raimbault" <segr at hotmail.com>
To: <freebsd-pf at freebsd.org>
Sent: Tuesday, January 25, 2005 12:24 AM
Subject: route-to rule.
>I have a freebsd box with 2 wan interfaces, 1 lan interface and 1 tun
>interface.
>
>I have pf setup so that 10.1.0.64/26 and 10.1.0.128/25 go out our second
>wan interface like this:
>
>nat on $ext_if1 from $internal_net to any -> ($ext_if1)
>nat on $ext_if2 from $internal_net to any -> ($ext_if2)
>
>pass in on $int_if route-to ($ext_if2 $ext_gw2) from { 10.1.0.64/26 ,
>10.1.0.128/25 } to any
>
>pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
>pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
>
>
>However, any traffic destined to 10.0.0.0/26 accessible via the tun0
>interface doesn't get routed as I'm guessing it goes out to the 2nd wan
>interface ( $ext_if2 ).
>
>I've tried modifying the pass in line like this:
>
>pass in on $int_if route-to ($ext_if2 $ext_gw2) from { 10.1.0.64/26 ,
>10.1.0.128/25 } to { 0.0.0.0/0, !10.0.0.0/26 }
>
>However it did not work. Any suggestions on this?
>
>thanks,
>stephane.
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY24-F8DE8D876106F2F081BB91CC850>
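
Added example, not part of the thread or written by either poster: a pf.conf fragment showing why the negated list in the original question still policy-routes traffic for 10.0.0.0/26, and two ways to exempt that network from route-to. Macro names follow the original post; the interface names and the gateway address are constructed placeholders.

```conf
# Added example. Macro names follow the original post; the interface
# names and gateway address are constructed placeholders (assumptions).
int_if  = "em0"                 # assumed LAN interface
ext_if2 = "em2"                 # assumed second WAN interface
ext_gw2 = "198.51.100.1"        # assumed gateway on the second WAN
vpn_net = "10.0.0.0/26"         # network reached via tun0 (from the post)
policy_src = "{ 10.1.0.64/26, 10.1.0.128/25 }"

# BROKEN (kept commented out): pf expands a { } list into one rule per
# element, so this line loads as separate rules:
#   ... to 0.0.0.0/0        <- matches every destination, $vpn_net included
#   ... to ! 10.0.0.0/26
# A packet for 10.0.0.5 matches the expanded 0.0.0.0/0 rule and is still
# forced out through ($ext_if2 $ext_gw2) instead of tun0.
# pass in on $int_if route-to ($ext_if2 $ext_gw2) from $policy_src to { 0.0.0.0/0, !10.0.0.0/26 }

# Alternative 1: exempt the VPN network first. "quick" stops rule
# evaluation on a match, so the route-to rule below is never applied to
# this traffic and the kernel routing table (tun0) decides where it goes.
pass in quick on $int_if from $policy_src to $vpn_net keep state
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
    from $policy_src to any keep state

# Alternative 2 (use instead of the two rules above): a single negated
# destination with no list, so nothing is expanded. Traffic to $vpn_net
# then has to be passed by some other rule if the default policy is block.
# pass in on $int_if route-to ($ext_if2 $ext_gw2) from $policy_src to ! $vpn_net keep state
```

Parse the file with `pfctl -nvf` to see the expanded rules before loading them.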
