Multiroute question
Michael MacLeod
mikemacleod at gmail.com
Thu Sep 20 17:26:16 UTC 2012
Actually, multiple routing tables is the correct solution. I documented it
here:
http://www.mmacleod.ca/blog/2011/06/source-based-routing-with-freebsd-using-multiple-routing-table/
From the post: "... But route-to and reply-to do not trump the default
routing table for traffic that originates or terminates on the router
itself. They are useful only for traffic passing through the router. pf can
only make routing decisions when a packet passes through an interface. It
can try and set the reply-to interface to be the second WAN connection when
an inbound SSH connection is made, but neither the SSH daemon nor the
routing table on the host know or care about the routing preferences of pf."
On Thu, Sep 20, 2012 at 11:01 AM, Michael Pounov <misho at elwix.org> wrote:
> Hi, Juan
>
> Use pf like in that simple example:
>
> # pf macros are defined without the leading "$" and referenced with it
> dsl_if = "CardA"
> int_if = "CardB"
> dsl_addr = "_dsl_if_ip_"
> int_addr = "_int_if_ip_"
> dsl_gw = "_dsl_gw_ip_"
> int_gw = "_int_gw_ip_"
>
> set state-policy if-bound
>
> # .... blah blah blah whatever rules ...
>
> pass out on $dsl_if route-to ($int_if $int_gw) from $int_if no state
> pass out on $int_if route-to ($dsl_if $dsl_gw) from $dsl_if no state
>
> # End pf example ;)
>
> On Thu, 20 Sep 2012 16:16:53 +0200
> Juan José Sánchez Mesa <juanjo.listas at doblej.net> wrote:
>
> > Hi!
> >
> > (sorry for my bad English)
> >
> > I have a FreeBSD machine (8.2-RELEASE-p3). The machine has two ethernet
> > cards, configured in this way:
> >
> > - Card A: internet IP address
> > - Card B: intranet IP address
> >
> > Default route goes via card A.
> >
> > Now, on the intranet I have a "normal" DSL router. Then, using NAT, I've
> > forwarded a simple port from the DSL to the intranet IP of this machine.
> >
> > The incoming packets from the DSL arrive OK at the machine (via card B),
> > but the outgoing packets go to card A, due to the default route.
> >
> > Is there a way to configure the network so that outgoing packets go to
> > the card on which the incoming packets arrived?
> >
> > Or is this impossible to configure?
> >
> > Thanks!!!
> >
> > _______________________________________________
> > freebsd-net at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
>
> --
> Best Regards,
>
> Michael Pounov
> ELWIX - embedded lightweight unix -
>
> WWW: http://www.elwix.org/
> EMail: misho at elwix.org
> Skype: mpunov
> XMPP: misho at aitnet.org
> Phone: +359 888 737358; +359 899 737358
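The multiple-routing-table approach recommended in the reply at the top of this thread, as an added example that is not part of any message here. It assumes a kernel that provides at least two routing tables (FIBs); FIB 1, interface em1 (standing in for "Card B"), gateway 192.168.1.1 and sshd as the forwarded service are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: FIB 1 is the second
# routing table, em1 stands in for "Card B", 192.168.1.1 for the DSL router.

# Print the commands that give FIB 1 its own default route and start the
# service under it. Printed, not executed: review, then pipe to sh as root.
fib_plan() {
    fib=$1; gw=$2; service=$3
    case $fib in
        ''|*[!0-9]*) echo "bad FIB number: $fib" >&2; return 1 ;;
    esac
    echo "setfib $fib route add default $gw"
    echo "setfib $fib $service"
}

# Extract the egress interface from `route -n get` output read on stdin.
route_iface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# Succeed only if the route lookup on stdin leaves via the expected interface.
# On the router: setfib 1 route -n get <peer> | fib_egress_ok em1
fib_egress_ok() {
    [ "$(route_iface)" = "$1" ]
}

# Constructed sample of `setfib 1 route -n get 203.0.113.10` output.
SAMPLE_FIB1='   route to: 203.0.113.10
destination: default
       mask: default
    gateway: 192.168.1.1
  interface: em1
      flags: <UP,GATEWAY,DONE,STATIC>'

fib_plan 1 192.168.1.1 "/usr/sbin/sshd"
if printf '%s\n' "$SAMPLE_FIB1" | fib_egress_ok em1; then
    echo "FIB 1 replies leave via em1"
else
    echo "FIB 1 still routes via another interface" >&2
fi
```

Because the service process itself runs under FIB 1, its replies follow that table's default route regardless of any pf route-to or reply-to rule, which is the limitation the quoted blog post describes.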