pf route-to?

Ben Shelton fbsd-pf at shelton.ca
Thu Mar 17 13:33:54 PST 2005


Hi all,
I've got a little bit of an issue with pf and the route-to statement. 
We have 2 ISPs currently and I'd like to get both of the uplinks put on 
the freebsd box using pf to firewall/route for them.  I have a couple 
route-to rules set up but they don't seem to do much.  I'm sure I'm just 
missing some little detail here or misunderstanding exactly what 
route-to is doing but I can't find any examples.

I've got:

ISP1      ISP2
    |      |
    firewall
       |
    internal net

So the internal net has hosts on both ISP1 and ISP2's subnets and 
therefore has traffic to/from both ISPs travelling on it.  The firewall 
is the default router for both internal subnets (via aliases on the 
interface).  I have the pf rules:

pass in quick on $inside_int route-to ( $ISP1_int $ISP1_router ) inet proto icmp from $ISP1_inside_net to any keep state
pass out quick on $ISP1_int route-to ( $ISP1_int $ISP1_router ) inet proto icmp from $ISP1_inside_net to any keep state

It doesn't seem to work.  I do a tcpdump on $ISP1_int and don't see any 
traffic from a host inside, though I do see the traffic on $inside_int. 
Something's not being routed properly.  I moved these two rules up 
pretty far in the ruleset to make sure they're not being dropped quick 
by anything else, but to no avail.  There are no antispoof rules here or 
anything, so that probably isn't a factor.
Any help is greatly appreciated.  I'm down to just banging my head on 
the box hoping it works (and it doesn't seem to be helping).

Later,
Ben
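Below is an added example, not taken from Ben's post or from his ruleset, of a complete pf.conf fragment for the two-uplink layout he describes. Interface names, gateway addresses and the two inside subnets are assumed placeholders (documentation address ranges), and the fragment also covers the return direction with reply-to so that connections arriving on one uplink are answered through that same uplink.

```pf
# --- assumed topology (placeholders, not real addresses) ---
ext_if1 = "em0"                 # uplink to ISP1
ext_if2 = "em1"                 # uplink to ISP2
int_if  = "em2"                 # internal net carrying both subnets
isp1_gw = "192.0.2.1"           # ISP1's next-hop router on ext_if1
isp2_gw = "198.51.100.1"        # ISP2's next-hop router on ext_if2
isp1_net = "203.0.113.0/25"     # inside hosts numbered from ISP1's block
isp2_net = "203.0.113.128/25"   # inside hosts numbered from ISP2's block

set skip on lo0
block log all

# Policy routing is decided on the *inbound* interface: a packet entering
# int_if from an ISP1-numbered host is handed to ISP1's router via em0,
# regardless of what the kernel routing table (default route) says.
pass in quick on $int_if route-to ($ext_if1 $isp1_gw) inet \
    from $isp1_net to any keep state
pass in quick on $int_if route-to ($ext_if2 $isp2_gw) inet \
    from $isp2_net to any keep state

# Return path: a connection that arrives on one uplink must have its
# replies sent back out the same uplink, or the other ISP will drop
# (or anti-spoof filter) packets sourced from a block it does not own.
pass in on $ext_if1 reply-to ($ext_if1 $isp1_gw) inet proto tcp \
    from any to $isp1_net port { 22 80 443 } keep state
pass in on $ext_if2 reply-to ($ext_if2 $isp2_gw) inet proto tcp \
    from any to $isp2_net port { 22 80 443 } keep state

# Allow traffic the firewall itself originates or that route-to selected.
# No route-to is needed here; the decision was already made on int_if.
pass out on { $ext_if1 $ext_if2 } keep state

# Guard against packets with the "wrong" source address leaving an uplink:
# with correct route-to rules these should never match.
block out log quick on $ext_if1 inet from $isp2_net to any
block out log quick on $ext_if2 inet from $isp1_net to any
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and after loading use `pfctl -vsr` to read the per-rule Evaluations/Packets/States counters, which show whether the route-to rule is actually matching the ICMP or TCP traffic you are sending.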

