Again two ADSL lines, routing problems

Josh Paetzel josh at
Thu Jul 12 12:45:07 UTC 2007

On Thursday 12 July 2007, Andrea Venturoli wrote:
> Artyom Viklenko wrote:
> > You have to enforce symmetrical routing on your FreeBSD box.
> > You can use, for example, PF firewall, using such options and
> > features as labels and route-to/reply-to statements.
> >
> > Also it is possible with ipfw, but I prefer PF. :)
> Thanks, this is interesting. However I failed to understand what
> you mean exactly.
> Do you have any pointer to a document that explains this?
> I searched in PF's and ipfw's manual, but found nothing that I
> could relate to this.
> Also, I'm right now using ipfw...
>   bye & Thanks
> 	av.

errrm, in pf I can give you a concrete example of how to deal with 

Since you haven't given a concrete example I'll make one up.  Say you 
have a FBSD box with em0 connected to one DSL connection on and the default route set to and em1 on the 
other DSL connection with IP and the router for that 
connection on

Your question seemed to imply that you don't want to load-balance or 
really even do round-robin NAT and you're fine with manually cutting 
over the default route in case a link fails, but the problem you are 
having is that the responses to incoming connections go out the 
default route, which doesn't work.

Here's the fix to that in PF:

pass out route-to (em1 from to any

This will not do load-balancing, fail-over, or round-robin NAT, but it 
will make replies to incoming connections on the 'other' DSL 
connection go out the same interface the incoming connection came in 
on with the proper source address.



Josh Paetzel
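
An added illustration, not part of the original message: a FreeBSD pf.conf fragment showing the reply-to and route-to forms named in this thread. The interface name em1 is from the post; the addresses are constructed placeholders from a documentation range, and the macro names are assumptions.

```conf
# Constructed values: em1 is from the post; the addresses are placeholders
# (RFC 5737 documentation range), not the poster's real ones.
ext_if2 = "em1"            # interface on the second DSL line
ext_ip2 = "198.51.100.2"   # this host's address on that line
ext_gw2 = "198.51.100.1"   # DSL router on that line

# Connections arriving on em1: the state entry records the reply path, so
# replies leave via em1 and its own router instead of the default route.
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) inet from any to $ext_ip2 keep state

# Packets this host sends from em1's address are also forced out em1.
pass out route-to ($ext_if2 $ext_gw2) inet from $ext_ip2 to any keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vss` lists the resulting states so you can confirm which interface a reply is bound to.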