On Thursday 12 July 2007, Andrea Venturoli wrote:
> Artyom Viklenko wrote:
> > You have to enforce symmetrical routing on your FreeBSD box.
> > You can use, for example, PF firewall using such options and
> > features as labels and route-to/reply-to statements.
> >
> > Also it is possible with ipfw, but I prefer PF. :)
>
> Thanks, this is interesting. However I failed to understand what
> you mean exactly.
> Do you have any pointer to a document that explains this?
> I searched in PF's and ipfw's manual, but found nothing that I
> could relate to this.
>
> Also, I'm right now using ipfw...
>
> bye & Thanks
> av.
errrm, in pf I can give you a concrete example of how to deal with this.

Since you haven't given a concrete example I'll make one up. Say you have a FBSD box with em0 connected to one DSL connection on 192.168.1.2 and the default route set to 192.168.1.1, and em1 on the other DSL connection with IP 192.168.2.2 and the router for that connection on 192.168.2.1.

Your question seemed to imply that you don't want to load-balance or really even do round-robin NAT and you're fine with manually cutting over the default route in case a link fails, but the problem you are having is that the responses to incoming connections go out the default route, which doesn't work.

Here's the fix to that in PF:

pass out route-to (em1 192.168.2.1) from 192.168.2.2 to any

This will not do load-balancing, fail-over, or round-robin NAT, but it will make replies to incoming connections on the 'other' DSL connection go out the same interface the incoming connection came in on with the proper source address.

HTH

-- 
Thanks,
Josh Paetzel
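Josh's one-line rule expanded into a complete pf.conf, as an added example that is not part of the original thread. It keeps the made-up interface names and addresses from his message and also shows the reply-to form on the inbound rule, which is the other statement Artyom named; the service ports are an assumption for illustration.

```conf
# Added example (not from the thread): pf.conf for the two-DSL layout
# Josh described. Interface names and addresses are his made-up ones;
# the ports are assumed here for illustration.
ext_if1 = "em0"          # primary DSL, 192.168.1.2, default route via gw1
ext_if2 = "em1"          # secondary DSL, 192.168.2.2
gw1     = "192.168.1.1"
gw2     = "192.168.2.1"

set skip on lo0

# Default policy: drop everything not explicitly allowed, and log it.
block log all

# Variant 1 (Josh's rule, made stateful): anything sourced from em1's own
# address that is about to leave via the default route on em0 is handed to
# em1's gateway instead.  This only takes effect for packets that actually
# go through ruleset evaluation, i.e. when no existing state matches them.
pass out route-to ($ext_if2 $gw2) from ($ext_if2) to any keep state

# Variant 2: pin the return path when the state is created on the way in.
# reply-to stores gw2 in the state entry, so replies to a connection that
# arrived on em1 leave via em1 even though em0 holds the default route.
pass in on $ext_if2 reply-to ($ext_if2 $gw2) proto tcp \
    from any to ($ext_if2) port { 22, 80 } keep state

# Traffic on the primary link needs no override: it already follows the
# default route out of em0.
pass in  on $ext_if1 proto tcp from any to ($ext_if1) port { 22, 80 } keep state
pass out on $ext_if1 from ($ext_if1) to any keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and confirm the pinned gateway with `pfctl -ss` once a connection has come in on em1. The reason for showing both variants: with PF's default floating states, a reply packet that matches the state created by a stateful `pass in` rule is passed without re-evaluating the ruleset, so a separate `pass out route-to` rule never sees it. Josh's stateless rule avoids that trap; as soon as the inbound rules keep state, `reply-to` on those rules is the way to get the same symmetric return path.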