Multiple ISP routing by port

eculp eculp at encontacto.net
Wed Jan 28 06:31:30 PST 2009


Quoting Max Laier <max at love2party.net>:

> On Tuesday 27 January 2009 06:18:09 jmaps-fbsdnet at fireburns.net wrote:
>> I've read through what I could find in this list and also in the top 50
>> results on google... I can't find anything that'll actually make this work.
>>
>> My DSL ISP is too far away to give me anything faster than 1.5mbps down. In
>> desperation I signed up for comcast to use for bulk traffic.
>>
>> Thus, I want to route critical traffic (22, 25, 53, (maybe) 80, 443)
>> through the DSL provider and the rest through cable.
>>
>> I really feel like this should be possible with PF with something like:
>>
>> nat on $dsl_if from ($int_if:network) to any port $dslports -> ($dsl_if)
>> nat on $cbl_if from ($int_if:network) to any -> ($cbl_if)
>>
>> or
>>
>> pass in quick on $int_if route-to { ($dsl_if $dsl_gw) } proto { tcp udp }
>> from ($int_if:network) to any port $dslports
>>
>> Neither (or both) seem to do it. All traffic ends up getting routed through
>> whichever ISP I have set as the default route.
>
> Take a look at: http://www.openbsd.org/faq/pf/pools.html#outgoing
>
I was aware of the round robin load balancing but I, as the poster, am
interested in what is referred to as "critical traffic" through one ISP
and all other through a second. How would that be accomplished with
pf and/or with Julian's fibs?

Thanks,

ed

> You are probably missing the following part of the setup:
> | To ensure that packets with a source address belonging to $ext_if1 are
> | always routed to $ext_gw1 (and similarly for $ext_if2 and $ext_gw2), the
> | following two lines should be included in the ruleset:
> |
> |    pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \
> |       to any
> |    pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \
> |       to any
>
> This obviously has to be adapted for your specific setup - but in general this
> works as expected.
>
>> Now, I hear I can go over to Linux and just configure both default routes
>> at the same time (trivial with iproute2). But I'd rather avoid that if at
>> all possible.
>>
>> Is there some trick I'm missing? Does quagga (bgpd) allow for this kind of
>> routing scheme?
>
> --
> /"\  Best regards,                      | mlaier at freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
>
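
The port-based split asked about in this thread, written as a pf.conf in the same old-style NAT syntax as the quoted rules. This is an added example, not from any poster or from the FAQ; it adapts the FAQ's two-uplink pattern by replacing the round-robin pool with one `route-to` rule per traffic class. Interface names and gateway addresses are constructed placeholders.

```pf
# Added example, not from the thread. All names and addresses are constructed.
int_if   = "em0"
dsl_if   = "em1"
cbl_if   = "em2"
dsl_gw   = "192.0.2.1"        # placeholder DSL next hop
cbl_gw   = "198.51.100.1"     # placeholder cable next hop
dslports = "{ 22, 25, 53, 80, 443 }"

# NAT only rewrites the source on whichever uplink the packet leaves by.
# It does not pick the uplink, so no port match belongs here.
nat on $dsl_if from $int_if:network to any -> ($dsl_if)
nat on $cbl_if from $int_if:network to any -> ($cbl_if)

block in
block out

# LAN side: replies to clients, and traffic addressed to the firewall itself.
pass out on $int_if from any to $int_if:network
pass in quick on $int_if from $int_if:network to $int_if

# Critical ports are handed to the DSL gateway; quick stops evaluation here.
pass in quick on $int_if route-to ($dsl_if $dsl_gw) \
    proto { tcp, udp } from $int_if:network to any port $dslports keep state

# Everything else from the LAN is handed to the cable gateway.
pass in quick on $int_if route-to ($cbl_if $cbl_gw) \
    from $int_if:network to any keep state

# Outbound on each uplink.
pass out on $dsl_if from any to any keep state
pass out on $cbl_if from any to any keep state

# Fix-up quoted from the FAQ: a packet carrying one uplink's source address
# must leave through that uplink's gateway, whatever the default route says.
pass out on $dsl_if route-to ($cbl_if $cbl_gw) from $cbl_if to any
pass out on $cbl_if route-to ($dsl_if $dsl_gw) from $dsl_if to any
```

Connections opened by the firewall host itself never enter on `$int_if`, so they still follow the default route and are only redirected by the last two rules.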


