From: Hooma Fazaeli
Date: Tue, 20 Nov 2012 14:26:15 +0330
To: Daniel Hartmeier
Cc: freebsd-pf@freebsd.org
Subject: Re: WAN load balance with PF

On 11/20/2012 02:04 PM, Daniel Hartmeier wrote:
> On Tue, Nov 20, 2012 at 01:52:43PM +0330, Hooma Fazaeli wrote:
>
>> If we could connect both ADSL modems to the box, a config like below
>> would work:
>>
>> lan_if = "em0"
>> wan_if1 = "em1"
>> wan_if2 = "em2"
>>
>> nat on $wan_if1 from $lan_if:network to any -> $wan_if1
>> nat on $wan_if2 from $lan_if:network to any -> $wan_if2
>>
>> pass in on $lan_if route-to {($wan_if1 $wan_ip1) ($wan_if2 $wan_ip2)}
>> pass all
>>
>> our problem is that since both WAN links are connected to the same
>> interface (via the switch)
>> there is no way to distinguish between the two in NAT rules.
>>
>> Any idea?
> You could try to do round-robin on the nat rule, and route-to on 'pass
> out' rules on the default route interface (nat comes first), like
>
> # assuming default route through $wan_if1
> nat on $wan_if1 from $lan_if:network to any -> { $wan_if1 $wan_if2 } round-robin
> pass out on $wan_if1 route-to ($wan_if2 $wan_ip2) from $wan_if2 to any
>
> Daniel

But there is no wan_if2 actually. The box has only two interfaces: one
connected to the LAN and the other connected to an L2 switch (to which the
modems are connected).
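
The round-robin nat plus route-to approach quoted above, adapted to a single WAN interface, as an added example that is not part of the original thread. It assumes the box holds one address in each modem's subnet on em1 (the second as an alias) and that the default route points at modem 1; every address and the macros wan_if, wan_ip1, wan_ip2 and wan_gw2 are constructed for illustration.

```pf
# Added example, not from the thread. All addresses are constructed samples.
lan_if  = "em0"
wan_if  = "em1"            # the only WAN NIC, cabled to the L2 switch
wan_ip1 = "192.168.1.2"    # assumed: box address in modem 1's subnet
wan_ip2 = "192.168.2.2"    # assumed: alias on em1 in modem 2's subnet
wan_gw2 = "192.168.2.1"    # assumed: modem 2's LAN-side address

# Translation runs before filtering. Pick the source address round-robin
# from the two addresses on the same interface; sticky-address keeps a
# given LAN host on the same translation address while it has states.
nat on $wan_if from $lan_if:network to any \
    -> { $wan_ip1, $wan_ip2 } round-robin sticky-address

pass in on $lan_if from $lan_if:network to any keep state

# Traffic translated to wan_ip1 follows the default route (modem 1).
pass out on $wan_if from $wan_ip1 to any keep state

# Traffic translated to wan_ip2 is matched by its post-NAT source address
# and handed to modem 2 as next hop on the same interface.
pass out on $wan_if route-to ($wan_if $wan_gw2) from $wan_ip2 to any keep state
```

Parsing the file with `pfctl -nf` checks the syntax without loading the rules.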