Date:      Thu, 12 Jul 2007 17:19:43 +0300
From:      Artyom Viklenko <artem@aws-net.org.ua>
To:        Andrea Venturoli <ml@netfence.it>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Again two ADSL lines, routing problems
Message-ID:  <4696387F.4080404@aws-net.org.ua>
In-Reply-To: <46961C0B.6060004@netfence.it>
References:  <4695FEF4.4030708@netfence.it> <469616B2.2020803@aws-net.org.ua> <46961C0B.6060004@netfence.it>

Andrea Venturoli wrote:
> Artyom Viklenko wrote:
> 
>> You have to enforce symmetrical routing on your FreeBSD box.
>> You can use, for example, the PF firewall, using such options and features
>> as labels and route-to/reply-to statements.
>>
>> Also it is possible with ipfw, but I prefer PF. :)
> 
> 
> Thanks, this is interesting. However I failed to understand what you 
> mean exactly.
> Do you have any pointer to a document that explains this?
> I searched in PF's and ipfw's manual, but found nothing that I could 
> relate to this.
> 
> Also, I'm right now using ipfw...
> 
>  bye & Thanks
>     av.


Very brief example (just to show the main idea).
Assume you have three interfaces in the router: fxp0 - lan, fxp1 - adsl1, fxp2 - adsl2.
fxp0 - 192.168.0.1, fxp1 - 192.168.1.2, fxp2 - 192.168.2.2
adsl1 - 192.168.1.1, adsl2 - 192.168.2.1



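# Macros are defined without "$" and referenced with it.
server="192.168.0.2"
adsl1="192.168.1.1"
adsl2="192.168.2.1"

# Tag each inbound connection with the ADSL line it arrived on.
pass in on fxp1 inet from any to $server keep state tag ADSL1
pass in on fxp2 inet from any to $server keep state tag ADSL2

# On the LAN side, pin replies to the line that matches the tag.
pass out on fxp0 reply-to (fxp1 $adsl1) from any to $server tagged ADSL1 keep state
pass out on fxp0 reply-to (fxp2 $adsl2) from any to $server tagged ADSL2 keep state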

This is just part of the whole rulebase regarding your problem.
Packets coming in via adsl1 will pass and get tagged with the ADSL1 tag. Also, state will
be created. Then the packet will pass out to the server, and state will be created, and all
replies from the server will be forwarded back via adsl1.

Same for traffic from adsl2.


Also, see the OpenBSD PF FAQ.
Hope this helps.

-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve   -  http://www.freebsd.org
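
The tag and reply-to behaviour described in the message above, as a simplified Python model. This is an added example, not part of the original e-mail and not PF code. Assumptions: the kernel default route points at adsl1, address translation is not modelled, and the client addresses and the `Router` class are constructed for illustration.

```python
# Toy model of "tag on the way in, reply-to on the way out" (not PF itself).
DEFAULT_ROUTE = ("fxp1", "192.168.1.1")   # assumption: default route is adsl1
SERVER = "192.168.0.2"
TAG_ON_IN = {"fxp1": "ADSL1", "fxp2": "ADSL2"}        # pass in on fxpN ... tag
REPLY_TO = {"ADSL1": ("fxp1", "192.168.1.1"),         # pass out on fxp0 reply-to
            "ADSL2": ("fxp2", "192.168.2.1")}


class Router:
    def __init__(self, use_reply_to=True):
        self.use_reply_to = use_reply_to
        # (client, cport, server, sport) -> pinned (iface, gateway), or None
        self.states = {}

    def inbound(self, in_if, src, sport, dst, dport):
        """Packet from the Internet arriving on an ADSL interface."""
        if dst != SERVER or in_if not in TAG_ON_IN:
            return None                    # no matching pass rule in this model
        tag = TAG_ON_IN[in_if]             # tag stays on the packet until fxp0
        route = REPLY_TO[tag] if self.use_reply_to else None
        self.states[(src, sport, dst, dport)] = route
        return tag

    def reply(self, src, sport, dst, dport):
        """Reply from the server on fxp0; returns the (iface, gateway) used."""
        key = (dst, dport, src, sport)     # look up state by original direction
        if key not in self.states:
            return None                    # no state: dropped in this model
        # Without reply-to the reply follows the routing table instead.
        return self.states[key] or DEFAULT_ROUTE


def demo():
    """Same connection via adsl2, without and with reply-to."""
    results = {}
    for use in (False, True):
        r = Router(use_reply_to=use)
        r.inbound("fxp2", "203.0.113.7", 40000, SERVER, 80)  # constructed client
        results[use] = r.reply(SERVER, 80, "203.0.113.7", 40000)
    return results


if __name__ == "__main__":
    for use, path in demo().items():
        print(f"reply-to={use}: reply leaves via {path[0]} -> {path[1]}")
```

With reply-to disabled, the reply to a connection that arrived on adsl2 leaves through adsl1, which is the asymmetric path the thread is about.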


