On Sun, 9 Oct 2005 15:04:42 +0300, nikns wrote:
>I have the same issue. Resolved it with ifstated.
>In OpenBSD 3.8 comes in base system.
>With pf switches route-to.
>
>my setup:
>ifstated.conf:
># $OpenBSD: ifstated.conf,v 1.6 2005/02/07 06:08:10 david Exp $
>
>init-state primary
>
>net = '( "ping -t 128 -q -c 1 -w 1 159.148.60.20 > /dev/null" every 10 || \
>         "ping -t 128 -q -c 1 -w 1 159.148.95.16 > /dev/null" every 10 || \
>         "ping -t 128 -q -c 1 -w 1 195.2.123.94 > /dev/null" every 10)'
>
>
>state primary {
>        init {
>                run "echo `date` up >> /var/log/ifstated.log"
>                run "/sbin/pfctl -a nattelia -Fn"
>                run "/sbin/pfctl -a telia -Fr"
>        }
>        if ! $net
>                set-state demoted
>}
>
>state demoted {
>        init {
>                run "echo `date` down >> /var/log/ifstated.log"
>                run "echo nat on rl0 from 192.168.0.0/16 to any -\> \(rl0\) | /sbin/pfctl -a nattelia -f -"
>                run "echo pass in quick on \{ rl1 rl2 \} route-to \(rl0 `cat /etc/mygate.dhcp`\) \
>                        from 192.168.0.0/16 to any modulate state | /sbin/pfctl -a telia -f -"
>        }
>        if $net
>                set-state primary
>}
>
It would be instructive to see an example pf.conf which your ifstated
modifies. It is easy to see what the latter does when you <know> the
pf.conf as only its author does. I've done quite a few but I'm still
guessing at how yours looks for sure and I think it might assist those
who are just starting too.

Thanks,
Rod.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
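
The demoted state quoted above pastes the contents of /etc/mygate.dhcp into a command line that ifstated runs as root and into a pf rule. The sh helper below is an added example, not part of either message and not OpenBSD code, that validates the value before building the rule. It assumes the file holds one IPv4 address on its first line; the function names, GATEWAY_FILE and the `load` argument are hypothetical.

```shell
#!/bin/sh
# Added example: build the "telia" anchor rule only from a validated gateway.
# Assumption: the gateway file holds one IPv4 address on its first line.
GATEWAY_FILE="${GATEWAY_FILE:-/etc/mygate.dhcp}"

# Succeed only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;   # empty, or a character other than digit/dot
        .*|*.|*..*)   return 1 ;;   # leading, trailing or doubled dot
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the filter rule from the quoted config, or fail without output.
telia_filter_rule() {
    gw=$(head -n 1 "$1" 2>/dev/null) || return 1
    valid_ipv4 "$gw" || return 1
    printf 'pass in quick on { rl1 rl2 } route-to (rl0 %s) from 192.168.0.0/16 to any modulate state\n' "$gw"
}

# Replace the anchor's rules only when a valid rule was built (needs root).
load_telia_anchor() {
    rule=$(telia_filter_rule "$GATEWAY_FILE") || return 1
    printf '%s\n' "$rule" | /sbin/pfctl -a telia -f -
}

# Called as "<script> load" from an ifstated run line; otherwise only
# the functions are defined and nothing touches pf.
if [ "${1:-}" = load ]; then
    load_telia_anchor
fi
```

If the file is missing or its first line is anything other than a bare address, the anchor is left as it was and the script exits non-zero.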