Date: Wed, 24 Nov 2004 18:14:38 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: pf multipath nat
Message-ID: <200411241814.50964.max@love2party.net>
In-Reply-To: <419EA38B.4000907@cuk.nu>
References: <419EA38B.4000907@cuk.nu>

Marko,

[ Please line-wrap your mail ]

On Saturday 20 November 2004 02:53, Marko Cuk wrote:
> I have a question regarding this...
>
> What happens if one of the uplinks goes down? What does pf know about
> states of interfaces and availability?

Nothing. In OpenBSD there is a daemon called ifstated(8) which monitors the
interface states and can take action if one link goes down. For instance, it
could remove the related rules from an anchor.

Fortunately, Matthew George has just recently ported ifstated(8) and it has
been included into the ports collection as net/ifstated:
http://www.freshports.org/net/ifstated/

> I'd like to know also, how to configure FreeBSD, to send out packet with
> proper source IP and what is the default route in that case? Can anyone
> speak a little about that?

That depends on what you want. For traffic from your LAN you explicitly set
the source IP in the NAT rules. For traffic originating from the gateway
itself, you have to decide where you want it to go and how it should get
there. You can always ask pf to pick up that traffic as well and transform it
in the same ways you do it for traffic originated from your LAN/DMZ.

> Tnx, Marko Cuk
>
> On Tuesday 16 November 2004 13:08, Łukasz Dudek wrote:
> >/ On Tue, Nov 09, 2004 at 02:13:34 +0100, Łukasz Dudek
> > wrote:
> > />/ > On Mon, Nov 08, 2004 at 04:21:39 +0100, Max Laier
> wrote: />/ > > On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> />/ > > > i've tried to configure multipath nat using RELENG_5 box
> />/ > > > (when it was current and now when it became stable)
> />/ >
> />/ this is full ruleset
> /
> Okay sorry for the delay, but I was (and in fact still am) very busy with
> real life these days. Will hopefully resume to full working speed soon.
>
> Nonetheless, I finally found some time to rig a test-setup for this ruleset
> with two Soekris boxes. Unfortunately I wasn't able to see any problem. No
> hang, no stalling, nothing! Can you please try to get more information
> about the problem in your setup?
>
> I need to know what kind of "hang" it is. Deadlock, livelock, etc? Try to
> break into the debugger via serial console or Ctrl + Alt + Esc etc. I
> cannot reproduce it, sorry.
>
> Does anybody successfully run more than one uplink in this way? What
> hardware do you have?
>
> Same question to Łukasz, what kind of box is this? Are we looking at an SMP
> box?
>
> >/ can i provide any more information or is there anything i can
> > />/ do to help resolve this issue, have anyone been able to reproduce this
> />/ behaviour, i would really like to utilize second link using freebsd box
> />/ moving every service from free to open will be performance lost and
> />/ services, network downtime. this box without configuring second link
> />/ is 100% stable
> /
> I really need some definite description of the problem. "It seems to hang"
> is way too imprecise, sorry.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
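
The failover described in the message above, written out as an added example (not part of the original message or of the ifstated port): the uplink-dependent NAT and route-to rules sit in one pf anchor, and ifstated(8) reloads that anchor when a link changes state. Interface names (em0, fxp0, fxp1), addresses, the anchor name and file paths are constructed; it assumes pf.conf(5) syntax with separate nat rules and a pfctl that addresses an anchor as `-a name`.

```conf
# Added example; interface names, addresses and file paths are constructed.
# --- /etc/pf.conf: uplink-dependent rules live in one anchor ---
nat-anchor "uplinks"
anchor "uplinks"
# --- /etc/pf.uplinks.both: loaded while both links have carrier ---
nat on fxp0 from 10.0.0.0/24 to any -> (fxp0)
nat on fxp1 from 10.0.0.0/24 to any -> (fxp1)
pass in on em0 route-to { (fxp0 192.0.2.1), (fxp1 198.51.100.1) } \
	round-robin from 10.0.0.0/24 to any keep state
# --- /etc/pf.uplinks.only1: fxp1 down, all LAN traffic leaves via fxp0 ---
# (/etc/pf.uplinks.only2 is the mirror image: fxp1 and 198.51.100.1)
nat on fxp0 from 10.0.0.0/24 to any -> (fxp0)
pass in on em0 route-to (fxp0 192.0.2.1) from 10.0.0.0/24 to any keep state

# --- ifstated.conf: reload the anchor whenever link state changes ---
init-state auto
is_both  = "fxp0.link.up && fxp1.link.up"
is_only1 = "fxp0.link.up && !fxp1.link.up"
is_only2 = "!fxp0.link.up && fxp1.link.up"
# Dispatcher state; ifstated also waits here while both links are down.
state auto {
	if $is_both
		set-state both
	if $is_only1
		set-state only1
	if $is_only2
		set-state only2
}
state both {
	init {
		run "pfctl -a uplinks -f /etc/pf.uplinks.both"
	}
	if ! $is_both
		set-state auto
}
state only1 {
	init {
		run "pfctl -a uplinks -f /etc/pf.uplinks.only1"
	}
	if ! $is_only1
		set-state auto
}
state only2 {
	init {
		run "pfctl -a uplinks -f /etc/pf.uplinks.only2"
	}
	if ! $is_only2
		set-state auto
}
```

`link.up` only reflects carrier on the local interface, so an outage further upstream is not detected by this configuration. States created before a switch keep their original route until they expire or are flushed.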