Maurice Janssen *nix forums beginner
Joined: 28 Mar 2005
Posts: 20
Posted: Mon Jun 26, 2006 1:03 pm Post subject: Re: Routing policies

On Sun, 25 Jun 2006 23:15:12 +0200, lost wrote:
| Quote: | No need for tagging, just use something like this:
pass in quick on $if2 reply-to ($if2 $gw2) any
where $if2 and $gw2 are the non-default if and gw.
|
In case someone reads this thread on Google: the rule needs to be
extended to create state, otherwise 'reply-to' won't work.
And 'any' can of course be replaced to narrow it down as needed.
| Quote: | all right, my problem is more complicated.
I confirm, this works for packets coming to the host itself,
but on this interface packets are also redirected to the lan host,
|
That's nearly the same setup as I'm using (I'm using binat instead of
rdr). The f/w box doesn't run any services.
| Quote: | and these coming back packets don't want to be directed back to
the interface.
===
rdr pass on $ext_if inet proto tcp from any to $ext_if port 2226 -> 192.168.0.16 port 22
rdr pass on $ext_if inet proto tcp from any to $ext_if port 2227 -> 192.168.0.16 port 80
pass in quick on $ext_if reply-to ($ext_if $ext_gw) proto tcp from <trusted> \
    to any port { 22, 80, 2226, 2227 } \
    flags S/SA keep state
===
ok, at the moment I found that probably "rdr pass... " masks "reply-to..."
...
yeah, eureka it works finally, thanks for support
|
That's good to hear.
--
Maurice
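
Added example, not part of the thread and not either poster's actual configuration: a pf.conf fragment in the pre-4.7 OpenBSD syntax used above, showing lost's `rdr pass` rules next to a form in which redirected connections reach the stateful `reply-to` rule. It assumes the fix was dropping the `pass` modifier from the `rdr` rules; the interface name, gateway address and `<trusted>` contents are constructed placeholders.

```pf
# Added example. Interface name, gateway and table contents are constructed.
ext_if   = "fxp1"           # non-default uplink (placeholder name)
ext_gw   = "192.0.2.1"      # next hop on that uplink (documentation address)
lan_host = "192.168.0.16"   # internal host from the thread
table <trusted> { 198.51.100.0/24 }

# Before: with the "pass" modifier, packets matching the rdr rule are passed
# without inspecting the filter rules, so the reply-to rule never applies
# to the redirected connections.
# rdr pass on $ext_if inet proto tcp from any to $ext_if port 2226 -> $lan_host port 22
# rdr pass on $ext_if inet proto tcp from any to $ext_if port 2227 -> $lan_host port 80

# After: plain rdr, so the translated packet is still evaluated by the filter.
rdr on $ext_if inet proto tcp from any to $ext_if port 2226 -> $lan_host port 22
rdr on $ext_if inet proto tcp from any to $ext_if port 2227 -> $lan_host port 80

# Redirected connections: filter rules see the destination after translation,
# i.e. the LAN host and its real ports. "keep state" is required; reply-to
# only takes effect on rules that create state.
pass in quick on $ext_if reply-to ($ext_if $ext_gw) inet proto tcp \
    from <trusted> to $lan_host port { 22, 80 } flags S/SA keep state

# Connections to the firewall itself arriving on the same uplink.
pass in quick on $ext_if reply-to ($ext_if $ext_gw) inet proto tcp \
    from <trusted> to $ext_if port 22 flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the rule set without loading it, which catches syntax errors before the change goes live.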

lost *nix forums beginner
Joined: 12 Mar 2005
Posts: 15
Posted: Sun Jun 25, 2006 9:15 pm Post subject: Re: Routing policies

| Quote: | No need for tagging, just use something like this:
pass in quick on $if2 reply-to ($if2 $gw2) any
where $if2 and $gw2 are the non-default if and gw.
|
all right, my problem is more complicated.
I confirm, this works for packets coming to the host itself,
but on this interface packets are also redirected to the lan host,
and these coming back packets don't want to be directed back to
the interface.
===
rdr pass on $ext_if inet proto tcp from any to $ext_if port 2226 -> 192.168.0.16 port 22
rdr pass on $ext_if inet proto tcp from any to $ext_if port 2227 -> 192.168.0.16 port 80
pass in quick on $ext_if reply-to ($ext_if $ext_gw) proto tcp from <trusted> \
    to any port { 22, 80, 2226, 2227 } \
    flags S/SA keep state
===
ok, at the moment I found that probably "rdr pass... " masks "reply-to..."
....
yeah, eureka it works finally, thanks for support :)
--

Maurice Janssen *nix forums beginner
Joined: 28 Mar 2005
Posts: 20
Posted: Sat Jun 24, 2006 6:01 pm Post subject: Re: Routing policies

On Wed, 21 Jun 2006 22:37:57 +0200, lost wrote:
| Quote: |
How do I make sure that all packets for a tcp connection use the same
interface, i.e. if I connect to the SDSL interface, the outbound traffic
also goes through the SDSL line, if I connect to the ADSL interface, the
outbound packets also use the ADSL interface?
The problem is not solved by me yet, but this is the explanation of it:
the source address of incoming packets becomes the destination
address for outgoing packets and routing applies.
If the address is out of space for SDSL routing the packets go by
default gateway.
Maybe somebody has the solution how to redirect these packets
back to the SDSL. (tagging ? )
|
No need for tagging, just use something like this:
pass in quick on $if2 reply-to ($if2 $gw2) any
where $if2 and $gw2 are the non-default if and gw.
--
Maurice

Maurice Janssen *nix forums beginner
Joined: 28 Mar 2005
Posts: 20
Posted: Sat Jun 24, 2006 5:58 pm Post subject: Re: Routing policies

On Sat, 24 Jun 2006 19:37:51 +0200, lost wrote:
| Quote: |
I've never tried it myself, but it's a fairly common setup apparently.
Google should be able to help you out.
I have read pf.conf manual many times.
I asked this and other groups a few times.
If you never tried - just try.
I tried, it doesn't work.
|
FWIW: it works for me.
--
Maurice

lost *nix forums beginner
Joined: 12 Mar 2005
Posts: 15
Posted: Sat Jun 24, 2006 5:37 pm Post subject: Re: Routing policies

| Quote: |
I've never tried it myself, but it's a fairly common setup apparently.
Google should be able to help you out.
|
I have read pf.conf manual many times.
I asked this and other groups a few times.
If you never tried - just try.
I tried, it doesn't work.
It works like described previously.
lost

jKILLSPAM.schipper@math.u *nix forums Guru Wannabe
Joined: 13 Nov 2005
Posts: 202
Posted: Thu Jun 22, 2006 2:22 pm Post subject: Re: Routing policies

lost <nospam.reader@super.int.pl> wrote:
| Quote: |
How do I make sure that all packets for a tcp connection use the same
interface, i.e. if I connect to the SDSL interface, the outbound traffic
also goes through the SDSL line, if I connect to the ADSL interface, the
outbound packets also use the ADSL interface?
The problem is not solved by me yet, but this is the explanation of it:
the source address of incoming packets becomes the destination
address for outgoing packets and routing applies.
If the address is out of space for SDSL routing the packets go by
default gateway.
Maybe somebody has the solution how to redirect these packets
back to the SDSL. (tagging ? )
|
The pf FAQ and pf.conf(5) man page will help you by setting up reply-to
and route-to in pf(4) rules.
I've never tried it myself, but it's a fairly common setup apparently.
Google should be able to help you out.
Joachim

lost *nix forums beginner
Joined: 12 Mar 2005
Posts: 15
Posted: Wed Jun 21, 2006 8:37 pm Post subject: Re: Routing policies

| Quote: |
How do I make sure that all packets for a tcp connection use the same
interface, i.e. if I connect to the SDSL interface, the outbound traffic
also goes through the SDSL line, if I connect to the ADSL interface, the
outbound packets also use the ADSL interface?
|
The problem is not solved by me yet, but this is the explanation of it:
the source address of incoming packets becomes the destination
address for outgoing packets and routing applies.
If the address is out of space for SDSL routing the packets go by
default gateway.
Maybe somebody has the solution how to redirect these packets
back to the SDSL. (tagging ? )
cheers

Frank-Christian Kruegel *nix forums beginner
Joined: 30 Apr 2005
Posts: 4
Posted: Wed Jun 21, 2006 7:54 pm Post subject: Routing policies

Hi!
I've got an OpenBSD based router with three interfaces:
- internal net 192.168.*
- ADSL connection - slow but cheap (flatrate)
- SDSL connection - fast but expensive traffic
The SDSL line is used for a VPN connection to a branch office, the ADSL line
does the rest, including default gw.
How do I make sure that all packets for a tcp connection use the same
interface, i.e. if I connect to the SDSL interface, the outbound traffic
also goes through the SDSL line, if I connect to the ADSL interface, the
outbound packets also use the ADSL interface?
Kind regards
Frank-Christian Krügel