On 01/14/2015 07:19 AM, Indunil Jayasooriya wrote:
Hi misc,

I have /etc/ip_list1 file containing some destinations.

  format of /etc/ip_list1 is given below.

1.2.3.4
1.6.3.0/24


I want to route ALL DESTINATIONS listed in /etc/ip_list1 via wan1_gw.  The
rest of traffic, I want to route via wan2_gw.

I have enabled below things in sysctl.conf file (including multipath
routing)

net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
#net.inet.ip.mforwarding=1      # 1=Permit forwarding (routing) of IPv4 multicast packets
net.inet.ip.multipath=1         # 1=Enable IP multipath routing
net.inet.icmp.rediraccept=1     # 1=Accept ICMP redirects


my 2 gateways

wan1_gw= "192.168.2.100"
wan2_gw= "192.168.1.1"


my hostname.xxx files like these.

my wan1 interface

# cat /etc/hostname.rl0
inet 192.168.2.35 255.255.255.0
!route add -mpath default 192.168.2.100

my wan2 interface

# cat /etc/hostname.rl1
inet 192.168.1.11 255.255.255.0
!route add -mpath default 192.168.1.1

my lan interface

# cat /etc/hostname.bge0
inet 192.168.100.208 255.255.255.0


my pf.conf file looks like this.

# macros

int_if="bge0"
wan1_if="rl0"
wan2_if="rl1"

lan_net="192.168.100.0/24"
#lan_net="192.168.101.0/24"

wan1_gw= "192.168.2.100"
wan2_gw= "192.168.1.1"

table <ip_list1> persist file "/etc/ip_list1"

# options

set block-policy return
set loginterface $wan1_if
set skip on lo

#THIS IS THE RULE TO ROUTE VIA WAN1_GW
pass out quick log from any to <ip_list1> route-to ($wan1_if $wan1_gw)

# match rules

match out on $wan1_if from $lan_net nat-to ($wan1_if)
match out on $wan2_if from $lan_net nat-to ($wan2_if)

# filter rules

block in log
#block out log
pass out quick log

antispoof quick for { lo $int_if }

pass in log inet proto icmp all icmp-type $icmp_types



I still can NOT traceroute to destinations in /etc/ip_list1 via wan1_gw and
the rest via wan2_gw

How to achieve this goal?






Hi, I've snipped the full rule set to show the needed lines; hope this will help you.
I'm sure that I didn't enable multipath.
/etc/mygate contains either the A or the B gw address.
In case you don't achieve policy based routing with this example I'll send you the
full pf.conf that has worked well for years.

ext_if_a = "xl0"
ext_gw_a = "195.26.92.129"

ext_if_b = "fxp1"
ext_gw_b = "188.230.122.53"

int_if   = "fxp0"

table <lan>          { 192.168.16.0/24 }
table <mail>           { 192.168.16.5 }

match out on $ext_if_a inet proto tcp from <lan> to !<lan> nat-to $ext_if_a
match out on $ext_if_b inet from <lan> to !<lan> nat-to $ext_if_b

pass in on $int_if inet proto tcp from <mail> to any port { www, smtp, https, smtps } route-to ($ext_if_a $ext_gw_a)
pass in on $int_if inet proto tcp from <lan> to any route-to ($ext_if_b $ext_gw_b)

pass out inet from $ext_if_a route-to ($ext_if_a $ext_gw_a)
pass out inet from $ext_if_b route-to ($ext_if_b $ext_gw_b)

pass out on { $ext_if_a, $ext_if_b }
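As an added example (not the configuration of either poster), here is the reply's approach applied to the original poster's interface names, gateways and table: route-to is decided on the LAN interface where the packets enter, and NAT is applied per WAN interface. It assumes a single default route via wan2_gw in /etc/mygate, as the reply describes, rather than the two -mpath default routes from the hostname.* files.

```pf
# Macros (names taken from the original post)
int_if  = "bge0"
wan1_if = "rl0"
wan2_if = "rl1"
lan_net = "192.168.100.0/24"
wan1_gw = "192.168.2.100"
wan2_gw = "192.168.1.1"

# Destinations that must leave via wan1; one address or CIDR per line
table <ip_list1> persist file "/etc/ip_list1"

set block-policy return
set skip on lo

# NAT per egress interface; it runs after route-to has chosen the interface
match out on $wan1_if from $lan_net nat-to ($wan1_if)
match out on $wan2_if from $lan_net nat-to ($wan2_if)

block in log
antispoof quick for { lo $int_if }

# Policy routing on the inbound LAN interface. pf is last-match-wins,
# so the more specific rule carries "quick" to make it win.
pass in quick on $int_if from $lan_net to <ip_list1> \
    route-to ($wan1_if $wan1_gw)
pass in on $int_if from $lan_net to any \
    route-to ($wan2_if $wan2_gw)

# Traffic the firewall sends from a WAN address uses that WAN's gateway
pass out on $wan1_if from $wan1_if route-to ($wan1_if $wan1_gw)
pass out on $wan2_if from $wan2_if route-to ($wan2_if $wan2_gw)

# Let the routed packets leave on whichever WAN was chosen
pass out on { $wan1_if $wan2_if }
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and confirm the table contents with `pfctl -t ip_list1 -T show`.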
