pf multipath nat

ŁukaszDudek mocart at
Mon Nov 8 06:30:46 PST 2004


I've tried to configure multipath NAT using a RELENG_5 box
(when it was current and now that it has become stable).

This is the simplified rules schema I've been using:

nat on $ext_if1 from $int_subnet to any -> ($ext_if1)
nat on $ext_if2 from $int_subnet to any -> ($ext_if2)

## routing for internal subnets

pass in on $int_if \
       route-to { ( $ext_if1 $gateway1), ( $ext_if2 $gateway2 ) } round-robin \
       from $int_subnet to any keep state

## need the next rules to properly pass traffic to/from the external IPs

pass out on $ext_if2 route-to ($ext_if1 $gateway1) from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if2 $gateway2) from $ext_if2 to any

Every time I've loaded these rules the machine hangs hard in 30 to 300
seconds, leaving no special information on the console or in the logs.

I've been manipulating debug.mpsafenet without any change.
I've compiled in support for a remote console via serial cable.
I've also compiled in the required debugging options.

It shows nothing, but I've been able to send a break
and could probably manually send doadump (I didn't try).

Then I set up an OpenBSD 3.5 generic install on another disk,
just copied my pf.conf to it and started the machine, and everything
was working fine for a few hours.

So I'm curious what I should look for to make it work on FreeBSD, or
maybe something is wrong with my configuration or FreeBSD.

Lukasz Dudek
