[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Source-based routing and pf

To: Guillaume Tournat <g.tournat@free.fr>
Subject: Re: Source-based routing and pf
From: Cedric Berger <cedric@berger.to>
Date: Tue, 17 Feb 2004 16:39:49 +0100
Cc: misc@openbsd.org
References: <403230E1.20508@free.fr>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

Guillaume Tournat wrote:

> Hello,
>
> I've got a problem configuring pf to do what i want.
> I have an openbsd-box that acts as a firewall-nat and
> a dsl link to the internet. It works well.
>
> But for bandwidth reason, I want to add another dsl link,
> with another ip, and do some dns round-robin on the names.
>
> But the trafic that comes from router 2 doesn't go back
> through it, but through the default gw which is router 1.
> And it fails, because router 1 blocks trafic which not entered
> by it.
>
> So, I'd like to tell pf to route return packets that entered
> through router 2 to go back by router 2.
>
> A little draw ;)
>
>  router1     router2
>   o                o
>   |                |
>   |---| switch |---|
>            |
>          OBSD
>           FW
>            |
>       | switch |
>            |
>   ------------------
>   |     |    |     |
>   WWW  FTP  SMTP  POP
>
>
> If you understand the upside-down description of my problem,
> thanks for help ;o)

"reply-to" is your friend here.
If possible, you should get another NIC, so each upstream router
enter from a different interface, which would make deciding from
which router the packet comes easy (and maybee save a switch)
Otherwise, maybee it is possible to tag incoming packets based
on their MAC address, not sure exactly how.
Cedric

References:
- Source-based routing and pf
  - From: Guillaume Tournat <g.tournat@free.fr>

Prev by Date: Re: Replacement for XFree86...
Next by Date: Re: XFree86 license
Prev by thread: Source-based routing and pf
Next by thread: pfstat performance issues
Index(es):
- Date
- Thread