Re: route-to not working
- From: Wesley <wcglist@xxxxxxxxx>
- Date: Mon, 24 Mar 2008 15:43:20 -0300
Stephan,
I tried to use your example, but the packet is replying to wrong
interface.... Do you think that it's a bug?
Best regards,
Wesley
On Thu, Mar 20, 2008 at 9:57 AM, Stefan Lambrev <
stefan.lambrev@xxxxxxxxxxxxxxxx> wrote:
Greetings,_______________________________________________
Wesley wrote:
Dear people,to
I have 2 links on a box, and I don't want to load balance it but, only
reply requests in the same interface that it comes.I do not see where you use "reply-to" in you configuration
I tried to use the route-to, but it not seems to work.
Could you please, give-me a help?
But here is working example which you can improve off course.
#dual home
pass in on $ext_if1 reply-to ($ext_if1 $gw1) from any to $external_addr1
keep state
pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
pass in on $ext_if2 reply-to ($ext_if2 $gw2) from any to $external_addr2
keep state
pass out on $ext_if1 route-to ($ext_if2 $gw1) from $external_addr2 to any
#dual home ssh only
pass out on $ext_if2 route-to ($ext_if1 $gw1) from $external_addr1 to any
pass out on $ext_if1 route-to ($ext_if2 $gw1) from $external_addr2 to any
pass in on $ext_if1 reply-to ($ext_if1 $gw1) proto tcp from any to
$external_addr1 port 22 keep state
pass in on $ext_if2 reply-to ($ext_if2 $gw2) proto tcp from any to
$external_addr2 port 22 keep state
> It's my configuration:
keep
set skip on lo0
scrub on xl0 reassemble tcp no-df random-id
scrub on xl1 reassemble tcp no-df random-id
scrub on dc0 reassemble tcp no-df random-id
nat on xl0 from 172.16.0.0/24 to any -> (xl0) static-port
rdr on dc0 inet proto tcp to port 80 -> 127.0.0.1 port 3128 round-robin
sticky-address
antispoof quick for {xl0,dc0,xl1}
block proto tcp from 172.16.0.0/24 to any port 3128
# Internal Traffic
pass in quick on dc0 from any to any
pass out quick on dc0 from any to any
# Outgoing
pass out on xl0 proto tcp all flags S/SA modulate state
pass out on xl0 proto { udp, icmp } all keep state
pass out on xl1 proto tcp all flags S/SA modulate state
pass out on xl1 proto { udp, icmp } all keep state
# Pass basic services
pass in quick on xl1 proto tcp from any to any port { 22, 21, 1194 }
statekeep
pass in quick on xl0 proto tcp from any to any port { 22, 21, 1194 }
state
pass in on xl0 proto udp from any to any port 53
pass in on xl1 proto udp from any to any port 53
# Pass VPN
pass in quick on xl1 proto udp from any to port 1194 keep state
pass quick on tun0
# Source nat route
pass out log on xl0 route-to ( xl1 200.232.164.1 ) from xl1 to any
pass out on xl1 route-to ( xl0 201.83.16.1 ) from xl0 to any
# Close
block return-rst in log quick on xl0 inet proto tcp from any to any
block return-rst in log quick on xl1 inet proto tcp from any to any
block return-icmp in log quick on xl0 proto udp from any to any
block return-icmp in log quick on xl1 proto udp from any to any
block in quick on xl0 all
block in quick on xl1 all
Best Regards,
Wesley Gentine
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- References:
- route-to not working
- From: Wesley
- Re: route-to not working
- From: Stefan Lambrev
- route-to not working
- Prev by Date: Re: kern/116077: 6.2-STABLE panic during use of multi-cast networking client
- Next by Date: Re: Lock order reversal in ral driver
- Previous by thread: Re: route-to not working
- Next by thread: /etc/exports and IPv6 networks
- Index(es):
Relevant Pages
|
|
