Again two ADSL lines, routing problems
artem at aws-net.org.ua
Thu Jul 12 14:19:45 UTC 2007
Andrea Venturoli wrote:
> Artyom Viklenko ha scritto:
>> You have to enforce simmetrical routing on your FreeBSD box.
>> You can use, for example, PF firewall Using such options and features
>> as labels and route-to/reply-to statemens.
>> Also it is possible with ipfw, but I prefer PF. :)
> Thanks, this is interesting. However I failed to understand what you
> mean exactly.
> Do you have any pointer to a document that explains this?
> I searched in PF's and ipfw's manual, but found nothing that I could
> relate to this.
> Also, I'm right now using ipfw...
> bye & Thanks
Very brief example (just to show main idea).
Assume you have thre interfaces in router fxp0 - lan, fxp1 - adsl1, fxp2 - adsl2.
fxp0 - 192.168.0.1, fxp1 - 192.168.1.2, fxp2 - 192.168.2.2
adsl1 - 192.168.1.1, adsl2 - 192.168.2.1
pass in on fxp1 inet from any to $server keep state tag ADSL1
pass in on fxp2 inet from any to $server keep state tag ADSL2
pass out on fxp0 reply-to (fxp1 $adsl1) from any to $server tagged ADSL1 keep state
pass out on fxp0 reply-to (fxp2 $adsl2) from any to $server tagged ADSL2 keep state
This is just part of whole rulebase regarding your problem.
Packets coming in via adsl1 will pass and got tagged by ADSL1 tag. Also, state will
be created. Then packet will pass out to server, state will be created. and all
replies from server will be frowarded back via adsl1.
Same for traffic from adsl2.
Also, see OpenBSD PF FAQ.
Hope this helps.
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org
More information about the freebsd-net