route-to rule.

Chris Dionissopoulos dionch at freemail.gr
Mon Jan 24 14:47:02 PST 2005


try this one:

set state-policy if-bound

lan = <lan_nic>
ext_if1 = <your_ext_nic1>
ext_if2 = <your_ext_nic2>
gw1 = <your_gw1>
gw2 = <your_gw2>

1 = "(" $ext_if1 $gw1 ")"
2 = "(" $ext_if2 $gw2 ")"

nat on $ext_if1 from $internal_net to any -> ($ext_if1)
nat on $ext_if2 from $internal_net to any -> ($ext_if2)

#local
pass in quick on $lan inet from $lan:network to $lan keep state
pass out quick on $lan inet from $lan to $lan:network keep state

#wans
pass in on  $ext_if1  tag  $ext_if1 keep state
pass out on $lan reply-to $1 tagged  $ext_if1 keep state

pass in on  $ext_if2 tag $ext_if2 keep state
pass out on $lan reply-to $2 tagged $ext_if2 keep state

# balance
pass in on $lan route-to { $0 $1 } round-robin keep state

#OUT
pass out on $ext_if1 route-to $0 keep state
pass out on $ext_if1 route-to $1 keep state

and tell us if it worked for you.

Chris.


----- Original Message ----- 
From: "Stephane Raimbault" <segr at hotmail.com>
To: <freebsd-pf at freebsd.org>
Sent: Tuesday, January 25, 2005 12:24 AM
Subject: route-to rule.


> I have a freebsd box with 2 wan interfaces, 1 lan interface and 1 tun 
> interface.
>
> I have pf setup so that 10.1.0.64/26 and 10.1.0.128/25 go out our second 
> wan interface like this:
>
> nat on $ext_if1 from $internal_net to any -> ($ext_if1)
> nat on $ext_if2 from $internal_net to any -> ($ext_if2)
>
> pass in on $int_if route-to ($ext_if2 $ext_gw2) from { 10.1.0.64/26 , 
> 10.1.0.128/25 } to any
>
> pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
> pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
>
>
> However, any traffic destined to 10.0.0.0/26 accessible via the tun0 
> interface doesn't get routed as I'm guessing it goes out to the 2nd wan 
> interface ( $ext_if2 ).
>
> I've tried modifying the pass in line like this:
>
> pass in on $int_if route-to ($ext_if2 $ext_gw2) from { 10.1.0.64/26 , 
> 10.1.0.128/25 } to { 0.0.0.0/0, !10.0.0.0/26 }
>
> However it did not work.  Any suggestions on this?
>
> thanks,
> stephane.
>
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org" 
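
Why the negated list in the quoted rule still policy-routes traffic for 10.0.0.0/26, shown as an added example that is not part of the original thread: pf expands a `{ ... }` list into one rule per entry, so the `0.0.0.0/0` entry alone matches tunnel-bound packets, while a table uses the most specific entry. This is a small Python model of that documented behaviour, not pf itself; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# The two entries from the quoted rule: (negated?, network)
ENTRIES = [(False, "0.0.0.0/0"), (True, "10.0.0.0/26")]


def _net(cidr):
    return ipaddress.ip_network(cidr)


def list_matches(dst, entries=ENTRIES):
    """Model of list expansion: { a, !b } becomes one rule per entry.
    Returns the entries whose expanded rule matches dst; a non-empty
    result means the route-to rule is applied to the packet."""
    ip = ipaddress.ip_address(dst)
    hits = []
    for negated, cidr in entries:
        inside = ip in _net(cidr)
        # plain entry matches when inside, negated entry when outside
        if inside != negated:
            hits.append(("!" if negated else "") + cidr)
    return hits


def table_matches(dst, entries=ENTRIES):
    """Model of a pf table lookup: the most specific entry containing
    the address decides, and a negated entry means 'no match'."""
    ip = ipaddress.ip_address(dst)
    containing = [(neg, _net(c)) for neg, c in entries if ip in _net(c)]
    if not containing:
        return False
    negated, _ = max(containing, key=lambda e: e[1].prefixlen)
    return not negated


if __name__ == "__main__":
    # Constructed sample destinations: one behind tun0, one on the Internet
    for dst in ("10.0.0.5", "192.0.2.10"):
        print(dst, "list:", list_matches(dst), "table:", table_matches(dst))
```

In pf.conf terms, the same two entries placed in a table (for example `table <wan2_dst> { 0.0.0.0/0, !10.0.0.0/26 }`, a hypothetical name) and referenced as `to <wan2_dst>` leave tunnel-bound traffic out of the route-to rule, so it follows the normal routing table to tun0.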

