Re: pf multiple networks, two gateways, route-to question
From: Ben (bluesky6_at_ix.netcom.com)
Date: 09/26/04
- Previous message: Måns Rullgård: "Re: Beta testers needed - C to Java byte-code compiler/IDE"
- In reply to: Adam Taube: "pf multiple networks, two gateways, route-to question"
- Next in thread: Adam Taube: "Re: pf multiple networks, two gateways, route-to question"
- Reply: Adam Taube: "Re: pf multiple networks, two gateways, route-to question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 25 Sep 2004 20:43:37 -0700
"Adam Taube" <nospam@thenewsgroups.com> wrote:
%Hello pf uber-users out there - I need your assistance.
%
%I've been using pf for a couple of years now (love it to tears!) but never
%in this sort of situation and I want to know if this can even be done.
%
%em0 is gateway to cable provider
%em1 is gateway to dsl provider
%em2 is network dmz for servers (nat'ed)
%em3 is network for wireless (authpf/nat'ed)
%em4 is network for internal machines (nat'ed)
%
%Now what I have is the whole shebang nat'ed through to the dsl interface --
%I have considered load balancing between the two, but have decided that the
%relative bandwidth variance (512Mbit/s on DSL + 3.2Mbit/s on Cable) would
%make everything half real fast and half not so fast. Ideally what I would
%like is to be able to do the following:
%
%1) rdr critical ports from both the cable and dsl interfaces to the servers
%in the dmz and _have it go back out on the same interface_ -> I'm running
%into trouble getting the packets to go back out the cable interface, my
%guess is because the dsl is my default gateway. Resolutions to this? I
%could do a reverse nat rule so that requests to the cable interface appear
%to the server as coming from the nat box itself, but I'd like to have a
%better solution if one exists... I tried to use a route-to rule to fix it
%up but it didn't seem to work right. Your advice is greatly appreciated.
%
%2) nat everything from em4 through to the cable, unless cable is offline
%then automatic fallover to the dsl (no problem scripting that - but if there
%are any issues I should be aware of in setting this up do give me a heads
%up)
Adam, I tried a similar setup (2 outside lines and 2 inside subnets,
with each outside line feeding one subnet) and couldn't get anything
to go through the second outside line.
Ben