pf multipath nat

Max Laier max at love2party.net
Mon Nov 8 07:21:42 PST 2004 

On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> i've tried to configure multipath nat using RELENG_5 box
> (when it was current and now when it became stable)
>
> this are simplified rules schema i've been using

Please send the *complete* ruleset you are useing.

> nat on $ext_if1 from $int_subnet to any -> ($ext_if1)
> nat on $ext_if2 from $int_subnet to any -> ($ext_if2)
>
> #
> ## routing for internal subnets
>
> pass in on $int_if \
>        route-to { ( $ext_if1 $gateway1), ( $ext_if2 $gateway2 ) }
> round-robin \ from $int_subnet to any keep state
>
>
> ## need the next rules to properly pass traffic to/from the external IPs
>
> pass out on $ext_if2 route-to ($ext_if1 $gateway1) from $ext_if1 to any
> pass out on $ext_if1 route-to ($ext_if2 $gateway2) from $ext_if2 to any
>
> every time i've loaded this rules machine hangs hard in 30 to 300
> seconds leaving nothing on special information on console or in logs
>
> i've been manipulating debug.mpsafenet without any change

Are you *sure* that you had debug.mpsafenet=0 in the end? You know that it is 
only changeable during the loader and *not* in the live system?

> i've compiled in remote console via serial cable support
> i've also compiled in required debugging options.
>
> and it shows nothing but i've been able to send break.
> and probably manualy send doadump (i didnt try)
>
> then i've setup an openbsd 3.5 generic install on another disk
> and just copied my pf.conf to started the machine and everything
> was working fine for few hours.
>
> so i'm curios what should i look for to make it working on freebsd, or
> meaby something is wrong whith my configuration or freebsd.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20041108/ff5e874f/attachment.bin

More information about the freebsd-pf mailing list