route-to not working

Stefan Lambrev stefan.lambrev at moneybookers.com
Thu Mar 20 05:57:50 PDT 2008


Greetings,


Wesley wrote:
>  Dear people,
>
> I have 2 links on a box, and I don't want to load balance them, but only to
> reply to requests on the same interface that they come in on.
>
> I tried to use route-to, but it does not seem to work.
>
> Could you please give me some help?
>   
I do not see where you use "reply-to" in your configuration.

But here is a working example, which you can improve of course.

#dual home
# reply-to: answers to connections that arrived on a link leave via that same link and its gateway
pass in on $ext_if1 reply-to ($ext_if1 $gw1) from any to $external_addr1 keep state
# route-to: traffic sourced from one link's address is moved onto that link
pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
pass in on $ext_if2 reply-to ($ext_if2 $gw2) from any to $external_addr2 keep state
pass out on $ext_if1 route-to ($ext_if2 $gw2) from $external_addr2 to any

#dual home ssh only
pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
pass out on $ext_if1 route-to ($ext_if2 $gw2) from $external_addr2 to any
pass in on $ext_if1 reply-to ($ext_if1 $gw1) proto tcp from any to $external_addr1 port 22 keep state
pass in on $ext_if2 reply-to ($ext_if2 $gw2) proto tcp from any to $external_addr2 port 22 keep state
> It's my configuration:
>
> set skip on lo0
> scrub on xl0 reassemble tcp no-df random-id
> scrub on xl1 reassemble tcp no-df random-id
> scrub on dc0 reassemble tcp no-df random-id
> nat on xl0 from 172.16.0.0/24 to any -> (xl0) static-port
> rdr on dc0 inet proto tcp to port 80 -> 127.0.0.1 port 3128 round-robin sticky-address
> antispoof quick for {xl0,dc0,xl1}
> block proto tcp from 172.16.0.0/24 to any port 3128
> # Internal Traffic
> pass in quick on dc0 from any to any
> pass out quick on dc0 from any to any
> # Outgoing
> pass out on xl0 proto tcp all flags S/SA modulate state
> pass out on xl0 proto { udp, icmp } all keep state
> pass out on xl1 proto tcp all flags S/SA modulate state
> pass out on xl1 proto { udp, icmp } all keep state
> # Pass basic services
> pass in quick on xl1 proto tcp from any to any port { 22, 21, 1194 } keep state
> pass in quick on xl0 proto tcp from any to any port { 22, 21, 1194 } keep state
> pass in on xl0 proto udp from any to any port 53
> pass in on xl1 proto udp from any to any port 53
> # Pass VPN
> pass in quick on xl1 proto udp from any to port 1194 keep state
> pass quick on tun0
> # Source nat route
> pass out log on xl0 route-to ( xl1 200.232.164.1 ) from xl1 to any
> pass out on xl1 route-to ( xl0 201.83.16.1 ) from xl0 to any
> # Close
> block return-rst in log quick on xl0 inet proto tcp from any to any
> block return-rst in log quick on xl1 inet proto tcp from any to any
> block return-icmp in log quick on xl0 proto udp from any to any
> block return-icmp in log quick on xl1 proto udp from any to any
> block in quick on xl0 all
> block in quick on xl1 all
>
> Best Regards,
>
> Wesley Gentine

-- 

Best Wishes,
Stefan Lambrev
ICQ# 24134177
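
An added example, not part of the original message or of pf itself: a small Python check that reads a pf ruleset and reports inbound rules on the external links that lack reply-to, reply-to pools that name a different interface than the rule, and interfaces paired with more than one gateway. The interface names, addresses and sample rules are constructed, and the parser assumes one rule per line with a single interface after "on".

```python
import re
from collections import defaultdict

# Pool of a route-to / reply-to option, e.g. "reply-to (xl0 192.0.2.1)"
POOL = re.compile(r"\b(route-to|reply-to)\s*\(\s*(\S+)\s+([^\s)]+)\s*\)")
# Direction and interface of a pass rule, e.g. "pass in quick on xl1 ..."
RULE = re.compile(r"^pass\s+(in|out)\b.*?\bon\s+(\S+)")

def audit(ruleset, ext_ifs):
    """Return (line_no, message) findings; line_no 0 marks a ruleset-wide finding."""
    findings = []
    gateways = defaultdict(set)  # interface -> gateways named in any pool
    for no, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop pf comments
        m = RULE.match(line)
        if not m:
            continue
        direction, iface = m.groups()
        pools = POOL.findall(line)
        for _, pool_if, gw in pools:
            gateways[pool_if].add(gw)
        replies = [p for p in pools if p[0] == "reply-to"]
        # Without reply-to, answers follow the default route and may leave on the other link
        if direction == "in" and iface in ext_ifs and not replies:
            findings.append((no, f"pass in on {iface} has no reply-to"))
        for _, pool_if, _ in replies:
            if pool_if != iface:
                findings.append((no, f"reply-to names {pool_if} on a rule for {iface}"))
    for iface, gws in sorted(gateways.items()):
        if len(gws) > 1:
            findings.append((0, f"{iface} paired with several gateways: {sorted(gws)}"))
    return findings

# Constructed sample ruleset (documentation addresses, not from the thread)
SAMPLE = """\
pass in on xl0 reply-to (xl0 192.0.2.1) proto tcp from any to any port 22 keep state
pass in on xl1 proto tcp from any to any port 22 keep state
pass out on xl0 route-to (xl1 192.0.2.1) from xl1 to any
pass out on xl1 route-to (xl0 192.0.2.1) from xl0 to any
pass in on xl1 reply-to (xl1 198.51.100.1) proto udp from any to any port 53
"""

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE, {"xl0", "xl1"}):
        print(line_no or "-", message)
```

The check is a heuristic over the rule text only; it does not expand macros, tables or interface lists in braces.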


