Again two ADSL lines, routing problems
josh at tcbug.org
Thu Jul 12 12:45:07 UTC 2007
On Thursday 12 July 2007, Andrea Venturoli wrote:
> Artyom Viklenko wrote:
> > You have to enforce symmetrical routing on your FreeBSD box.
> > You can use, for example, PF firewall using such options and
> > features as labels and route-to/reply-to statements.
> > Also it is possible with ipfw, but I prefer PF. :)
> Thanks, this is interesting. However I failed to understand what
> you mean exactly.
> Do you have any pointer to a document that explains this?
> I searched in PF's and ipfw's manual, but found nothing that I
> could relate to this.
> Also, I'm right now using ipfw...
> bye & Thanks
errrm, in pf I can give you a concrete example of how to deal with
Since you haven't given a concrete example I'll make one up. Say you
have a FBSD box with em0 connected to one DSL connection on
192.168.1.2 and the default route set to 192.168.1.1 and em1 on the
other DSL connection with IP 192.168.2.2 and the router for that
connection on 192.168.2.1
Your question seemed to imply that you don't want to load-balance or
really even do round-robin NAT and you're fine with manually cutting
over the default route in case a link fails, but the problem you are
having is that the responses to incoming connections go out the
default route, which doesn't work.
Here's the fix to that in PF:

    pass out route-to (em1 192.168.2.1) from 192.168.2.2 to any

This will not do load-balancing, fail-over, or round-robin NAT, but it
will make replies to incoming connections on the 'other' DSL
connection go out the same interface the incoming connection came in
on with the proper source address.
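
The same made-up scenario as a pf.conf fragment, adding the reply-to form mentioned earlier in the thread next to the route-to rule above. This is an added example, not part of the original post; the macro names are assumptions and the addresses are the ones the post made up.

```pf
# Added example for the two-DSL scenario in the post (not the poster's config).
# Macro names are assumptions; addresses are the post's made-up ones.
dsl2_if   = "em1"            # interface on the second DSL line
dsl2_gw   = "192.168.2.1"    # router on that line
dsl2_addr = "192.168.2.2"    # this box's address on that line

# Connections arriving on em1: reply-to stores (interface, gateway) in the
# state entry, so replies leave via em1 even though the default route
# points at 192.168.1.1 on em0.
pass in on $dsl2_if reply-to ($dsl2_if $dsl2_gw) \
    from any to $dsl2_addr keep state

# Packets the box sources from em1's address: the rule from the post.
pass out route-to ($dsl2_if $dsl2_gw) from $dsl2_addr to any keep state

# Checks after editing:
#   pfctl -nf /etc/pf.conf              parse only, nothing is loaded
#   pfctl -sr                           show the rules as loaded
#   tcpdump -ni em1 host 192.168.2.2    replies should show up here, not on em0
```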