Re: NAT+RDR vs ROUTING problem

[Andreas Forsgren <andreas.forsgren@direct2internet.com>]

Ok, I think I've got it up-and-running (upped to 3.1 too). But it'll be a
lot to edit in pf.conf :)

Here's what I did:

[ xl0 = primary broadband connection (dhcpd)
  tl0 = secondary adsl connection (static) ]

pass out log quick on xl0 route-to tl0:<sec_inet_gw> proto icmp
	from tl0 to any

pass out log quick on xl0 proto icmp
	from any to any

This seems to work. I can ping both my external IPs. The question is,
would I have to do something like this for every rule I have?

[root@lan-gw-001 etc]# grep -v ^# pf.conf | wc -l
     131

Ohh mama...

Regards,
Andreas

On Mon, 10 Jun 2002, Dries Schellekens wrote:

> On Mon, 10 Jun 2002, Ramin Alidousti wrote:
>
> > On Mon, Jun 10, 2002 at 02:27:53PM +0200, Andreas Forsgren wrote:
> >
> > > Odd,
> > >
> > > I have the exact same problem here. Somehow I got it to work for a day or
> > > two, but then it suddenly stopped. The problem is that incoming packages
> > > arrives on tl0, then gets sent out on xl0 instead.
> > >
> > > Jun 10 13:20:19.413185 rule 119/0(match): pass in on tl0: x.x.x.x >
> > > 	y.y.y.y: icmp: echo request (DF)
> > >
> > > Jun 10 13:20:19.413274 rule 125/0(match): pass out on xl0: y.y.y.y >
> > > 	x.x.x.x: icmp: echo reply (DF)
> > >
> > > And no, I'd rather not go with Linux... please :)
> >
> > OK, I admit that I don't know much about policy routing with bsd.
> > If bsd has this concept _and_ can hold multiple routing tables _and_
> > multiple default routes, accordingly _and_ can make routing decisions
> > not only based on the dst address but based on other criteria, then
> > you don't need to go with linux ;-)
>
> You can make routing decisions based on src address and port, destination
> address and port, protocol, user and group id with PF.
> The magic of route-to and dup-to.
>
>
> Dries
> --
> Dries Schellekens
> email: gwyllion@ulyssis.org