About policy routing

Ismail OZATAY ismail at ismailozatay.net
Mon Aug 4 20:51:08 UTC 2008


Hi there,

Today I tried to set up policy routing with pf on a FreeBSD 7 server for my 
second internet connection but couldn't get it to work. My default gateway is the DSL line and I want 
to use the leased line for the second connection. I do not know where the problem is.
Here is my pf.conf file:

> ll="sk0"
> ll_gw="212.212.1.1"
> ll_ip="212.212.1.2"
>
> dmz="sk1"
> dmz_net="230.230.1.176/28"
> dmz_ip="230.230.1.177"
>
> dsl="rl0"
> dsl_gw="10.1.1.1"
> dsl_ip="10.1.1.2"
>
> int="sk2"
> int_net="10.10.10.0/24"
> int_ip="10.10.10.1"
>
> set optimization aggressive
> set skip on lo
>
> scrub in all
>
> nat on $dsl from $int_net to any -> $dsl_ip
>
> # Default block
> ###############
> block in log all
> block out log all
>
> antispoof quick for { lo $int $ll $dsl $dmz }
> pass out on $dsl inet proto tcp from $dsl to any keep state
> pass out on $dsl inet proto udp from $dsl to any keep state
> pass out on $ll  inet proto tcp from $ll  to any keep state
> pass out on $ll  inet proto udp from $ll  to any keep state
>
> pass in on $int inet proto tcp from $int_net to any port { http, https } flags S/SA keep state
> pass in on $int inet proto udp from $int_net to any port domain keep state
>
> pass in log on $dmz route-to($ll $ll_gw) inet proto tcp from $dmz_net to any port { http, https } flags S/SA keep state
> pass in log on $dmz route-to($ll $ll_gw) inet proto udp from $dmz_net to any port domain flags S/SA keep state

Can you correct me?

Thanks

ismail 
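As an added reference (not part of the original post), here is the policy-routing part of that ruleset rewritten so that it loads under FreeBSD 7's pf and so that DMZ replies come back over the leased line. It keeps the poster's macros and values; the `nat on $ll` rule assumes the leased-line provider only routes traffic sourced from $ll_ip back to this box, which is the usual case for a second uplink.

```pf
# Macros as in the post above
ll="sk0"
ll_gw="212.212.1.1"
ll_ip="212.212.1.2"
dmz="sk1"
dmz_net="230.230.1.176/28"
dsl="rl0"
dsl_ip="10.1.1.2"
int="sk2"
int_net="10.10.10.0/24"

set skip on lo
scrub in all

# Translate each network on the uplink it is policy-routed through.
# Without the second rule, DMZ packets leave $ll with a 230.230.1.x source
# and the replies follow the default route (DSL), not the leased line.
nat on $dsl from $int_net to any -> $dsl_ip
nat on $ll  from $dmz_net to any -> $ll_ip

block in log all
block out log all
antispoof quick for { $int $ll $dsl $dmz }

# A route-to packet is filtered a second time, outbound on $ll, after nat
# has been applied, so these existing rules match it with source $ll_ip.
pass out on $dsl inet proto { tcp, udp } from $dsl to any keep state
pass out on $ll  inet proto { tcp, udp } from $ll  to any keep state

# LAN -> Internet over the default (DSL) route
pass in on $int inet proto tcp from $int_net to any port { http, https } flags S/SA keep state
pass in on $int inet proto udp from $int_net to any port domain keep state

# DMZ -> Internet over the leased line. "flags" is TCP-only: pfctl refuses
# to load a udp rule carrying it ("flags and os only apply to tcp"), so it
# is removed from the udp rule.
pass in log on $dmz route-to ($ll $ll_gw) inet proto tcp from $dmz_net to any port { http, https } flags S/SA keep state
pass in log on $dmz route-to ($ll $ll_gw) inet proto udp from $dmz_net to any port domain keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to confirm it parses, then watch `tcpdump -n -e -ttt -i pflog0` for the logged DMZ rules to see which interface the packets actually leave on.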



More information about the freebsd-pf mailing list