pf multipath nat

Max Laier max at
Wed Nov 24 09:14:23 PST 2004


[ Please line-wrap your mail ]

On Saturday 20 November 2004 02:53, Marko Cuk wrote:
> I have a question regarding this...
> What happens if one of the uplinks goes down? What does pf know about
> states of interfaces and availability?

Nothing. In OpenBSD there is a daemon called ifstated(8) which monitors the 
interface states and can take action if one link goes down. For instance, it 
could remove the related rules from an anchor.

Fortunately, Matthew George has just recently ported ifstated(8) and it has 
been included into the ports collection as net/ifstated:

> I'd like to know also, how to configure FreeBSD, to send out packet with
> proper source IP and what is the default route in that case ? Can anyone
> speak a little about that ?

That depends on what you want. For traffic from your LAN you explicitly set 
the source IP in the NAT rules. For traffic originating from the gateway 
itself, you have to decide where you want it to go and how it should get 
there. You can always ask pf to pick up that traffic as well and transform it 
in the same ways you do it for traffic originated from your LAN/DMZ.

> Tnx, Marko Cuk
> On Tuesday 16 November 2004 13:08, Łukasz Dudek wrote:
> > On Tue, Nov 09, 2004 at 02:13:34 +0100, Łukasz Dudek wrote:
> > > On Mon, Nov 08, 2004 at 04:21:39 +0100, Max Laier wrote:
> > > > On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> > > > > i've tried to configure multipath nat using RELENG_5 box
> > > > > (when it was current and now when it became stable)
> >
> > this is full ruleset
>
> Okay sorry for the delay, but I was (and in fact still am) very busy with
> real life these days. Will hopefully resume to full working speed soon.
> Nonetheless, I finally found some time to rig a test-setup for this ruleset
> with two Soekris boxes. Unfortunately I wasn't able to see any problem. No
> hang, no stalling, nothing! Can you please try to get more information
> about the problem in your setup?
> I need to know what kind of "hang" it is. Deadlock, livelock, etc? Try to
> break into the debugger via serial console or Ctrl + Alt + Esc etc. I
> cannot reproduce it, sorry.
> Does anybody successfully run more than one uplink in this way? What
> hardware do you have?
> Same question to Łukasz, what kind of box is this? Are we looking at an SMP
> box?
> > can i provide any more information or is there anything i can
> > do to help resolve this issue, has anyone been able to reproduce this
> > behaviour, i would really like to utilize second link using freebsd box
> > moving every service from free to open will be performance lost and
> > services, network downtime. this box without configuring second link
> > is 100% stable
>
> I really need some definite description of the problem. "It seems to hang"
> is way too imprecise, sorry.

/"\  Best regards,                      | mlaier at
\ /  Max Laier                          | ICQ #67774661
 X  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
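
Added example, not part of the original message and not the ruleset from this thread: one way to arrange the two answers above, with per-uplink NAT source addresses in pf.conf and the load-balancing rule in an anchor that ifstated(8) loads or flushes as the second uplink's link state changes. Interface names, addresses, the anchor name "multipath" and the file /etc/pf.multipath are assumptions, and the pfctl calls assume a pf version where an anchor is addressed as "pfctl -a name".

```conf
# --- /etc/pf.conf (constructed; names and addresses are assumptions) ---
int_if  = "fxp0"
ext_if1 = "fxp1"
ext_if2 = "fxp2"
gw1     = "192.0.2.1"
gw2     = "198.51.100.1"
lan_net = "10.0.0.0/24"

# LAN traffic: the source IP is set explicitly, per uplink, in the NAT rules.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

# Fallback used whenever the anchor below is empty: everything via uplink 1.
pass in on $int_if route-to ($ext_if1 $gw1) from $lan_net to any keep state

# The multipath rule lives in an anchor so ifstated can load and flush it.
# It is evaluated after the fallback, so when loaded it wins (last match).
anchor "multipath"

# Traffic from the gateway itself: keep each source address on its own uplink.
pass out on $ext_if1 route-to ($ext_if2 $gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $gw1) from $ext_if1 to any

# --- /etc/pf.multipath (hypothetical file, loaded into the anchor) ---
# Literal values: this file is parsed on its own, without pf.conf's macros.
pass in on fxp0 route-to { (fxp1 192.0.2.1), (fxp2 198.51.100.1) } \
    round-robin from 10.0.0.0/24 to any keep state

# --- /etc/ifstated.conf (constructed) ---
# Link state only reflects the local link, not reachability further upstream.
init-state both
up2 = "fxp2.link.up"

state both {
	init {
		run "pfctl -a multipath -f /etc/pf.multipath"
	}
	if ! $up2
		set-state single
}

state single {
	init {
		# States already routed via uplink 2 persist until they expire.
		run "pfctl -a multipath -F rules"
	}
	if $up2
		set-state both
}
```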