Date: Fri, 05 Aug 2016 03:05:55 +0300
From: "Zeus Panchenko" <zeus@ibs.dn.ua>
To: <freebsd-pf@freebsd.org>
Subject: wan1 as default, wan2 dedicated to a service
Message-ID: <20160805030555.53101@relay.ibs.dn.ua>

hi,

I need a trivial thing but am wondering where I am wrong ... :(

help please

I have two WAN interfaces: wan1 and wan2

wan1 is the default route interface, wan2 is dedicated to the DVR (video)

I'm trying to direct all output from the DVR to wan2 (here I do not care
where a request to the DVR came from, I want all replies to go out through
wan2)

so, I hoped to do that with this pf.config

---[ start ]------------------------------------------------------------
if_wan1 = "em0"
if_wan2 = "igb0" # ip address A.B.C.D
gw_wan2 = "E.F.G.H"
if_dvr="vlan123"

table <dvr> const { 10.0.0.0/24 }

# redirect all requests on wan2 to DVR host1
rdr pass on $if_wan2 proto { tcp, udp } to ($if_wan2) port 1234 -> 10.0.0.1 port 5678

nat log on $if_wan2 from <dvr> to any -> ($if_wan2)
...
pass in log on $if_dvr route-to ($if_wan2 $gw_wan2) from <dvr> to any keep state
---[ stop ]------------------------------------------------------------

as a result,

I see requests from the world on $if_wan2
I see redirects of the requests, out packets on $if_dvr
I see replies to the requests, in packets on $if_dvr

but I see ($if_wan2) sourced replies, and I see them on *$if_wan1*

so, as I understand ... route-to works, otherwise replies wouldn't be
from ($if_wan2), but the NATed replies appear on $if_wan1, which is the
default route ...

so ... how can I have replies go out through $if_wan2? is it a question of
a second routing table?

please, advise

--
Zeus V. Panchenko
jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC
GMT+2 (EET)
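
An added example, not part of the original message or thread: pf.conf(5) documents that the `pass` modifier on a translation rule passes matching packets without inspecting the filter rules, and that `reply-to` on a state-creating rule routes the replies for that state out the named interface. The sketch below puts the posted redirect beside a variant that uses both facts; it reuses the message's macros and placeholders and assumes filter rules are evaluated against the translated destination.

```pf
# Added example, not from the original message.
# Macros and placeholders are the ones used in the posted config.
if_wan2 = "igb0"
gw_wan2 = "E.F.G.H"      # placeholder, as in the message

# Before (as posted): "pass" on the rdr rule creates the state without
# evaluating any filter rule, so no routing option can be attached to it.
# rdr pass on $if_wan2 proto { tcp, udp } to ($if_wan2) port 1234 -> 10.0.0.1 port 5678

# After: translate only, and let a filter rule create the state.
rdr on $if_wan2 proto { tcp, udp } to ($if_wan2) port 1234 -> 10.0.0.1 port 5678

# Assumption: the filter rule sees the post-rdr destination
# (10.0.0.1 port 5678). reply-to ties the replies for this state
# to wan2 and its gateway instead of the default route.
pass in log on $if_wan2 reply-to ($if_wan2 $gw_wan2) proto { tcp, udp } \
    from any to 10.0.0.1 port 5678 keep state
```

`pfctl -nf <rules file>` parses the rule set without loading it, and `tcpdump` on `$if_wan1` and `$if_wan2` shows which interface the replies actually leave on.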