My final config file that works, along with a couple of commands you need to put
in a script file & execute after each reboot.
#############################################################
# my routeset script
route delete default -ifp xl2 -mpath 203.81.235.1
route add default -ifp xl0 -mpath 192.168.0.1
netstat -rnf inet | grep default
#############################################################
# my pf.conf file
lan_net = "10.0.0.0/16"
int_if = "xl1"
ext_if1 = "xl0"
ext_if2 = "xl2"
ext_gw1 = "192.168.0.1"
ext_gw2 = "203.81.235.1"
chadd = "10.0.0.1"
ports = "22 53 80 110 119 123 143 443 465 554 900 995 1755 1863 1999 2090 2091
2095 3000 3020 2020 3389 5000 5001 5050 5100 5190 6667 11
999 14360"
table <allowedclients> persist file "/etc/allowedclients"
nat on $ext_if1 inet proto {tcp, udp } from <allowedclients> to any port \
{ $ports } -> ($ext_if1)
nat on $ext_if2 inet proto {tcp, udp } from <allowedclients> to any \
-> ($ext_if2)
rdr on $int_if proto tcp from <allowedclients> to any port 80 -> $chadd \
port 8080
pass out on $int_if from any to <allowedclients>
pass in quick on $int_if from <allowedclients> to $int_if
pass in on $int_if route-to { ($ext_if2 $ext_gw2) } from \
<allowedclients> flags S/SA keep state
pass in on $int_if route-to { ($ext_if1 $ext_gw1) } inet proto tcp from \
<allowedclients> to any port {$ports} keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
----- Original Message ----
From: Marcos Laufer <[EMAIL PROTECTED]>
To: S t i n g r a y <[EMAIL PROTECTED]>
Cc: [email protected]
Sent: Friday, January 26, 2007 8:57:04 AM
Subject: Re: multiple external links working .. (Solved)
Would you mind sharing your final config as sample for others
who might need in the future?
Thanks!
----- Original Message -----
From: "S t i n g r a y" <[EMAIL PROTECTED]>
To: "Open BSD" <[email protected]>
Sent: Thursday, January 25, 2007 12:51 PM
Subject: multiple external links working .. (Solved)
Yes, it was exactly this & thanks Soner Tari & Stuart Henderson for helping
me (newbie) in such detail that now finally I have succeeded in making
multiple external connections & serving them as one.
lush it feels so good ..
Thank you.
I owe you one.
P.S. Is it possible to have a 3rd internet connection join this? :)
*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
----- Original Message ----
From: <[EMAIL PROTECTED]>
To: S t i n g r a y <[EMAIL PROTECTED]>
Cc: openbsd <[email protected]>
Sent: Wednesday, January 24, 2007 12:53:40 AM
Subject: Re: multiple external links not working ..
Hi, I'm using two external interfaces myself, and I believe I had the
same problem you describe in your message. I bet when you do:
netstat -rnf inet | grep default
you will see that your (ext_if2 ext_gw2) comes on top. Thus, my theory
is that the kernel is preferring your second external interface due to
your routing table (i.e. the order of your default routes).
Since I don't know how to handle this in pf.conf for connections
originating from my firewall, such as an http proxy running on the
firewall, just as in your case too (otherwise route-to and reply-to work
fine), I change my routing table in rc files.
Specifically, I rearrange the order of my default routes to have my
first external interface/gateway on top:
route add default -ifp ext_if1 -mpath ext_gw1
route add default -ifp ext_if2 -mpath ext_gw2
Accordingly, I removed the similar shell commands in hostname.if(5)
files.
Hope this helps,
On Tue, 2007-01-23 at 08:36 -0800, S t i n g r a y wrote:
> Well, thanks to everyone who helped me come close to using multiple
> external links for internet.
> But it's still not working. My scenario is that I have 2 ISP connections;
> now the main internet connection is the powerful one, which I only want to
> use for specific protocols which I have defined in a macro called ports.
> Now the rest is supposed to go to my 2nd internet connection, which is a weak &
> cheap connection basically there to allow p2p applications access.
> Main internet is ext_if1 (xl0)
> slow internet is ext_if2 (xl2)
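An added example, not part of the original thread: a shell check that automates the `netstat -rnf inet | grep default` inspection described in the reply above, reporting whether the intended gateway is the first default route. The function names and the sample routing tables are constructed for illustration; it assumes the destination is in column 1, the gateway in column 2 and the interface in the last column.

```shell
#!/bin/sh
# Added example; the routing tables below are constructed samples.
# Usage on the firewall: netstat -rnf inet | check_default_order 192.168.0.1

# Print "gateway interface" of the first default route read from stdin.
first_default() {
    awk '$1 == "default" { print $2, $NF; exit }'
}

# check_default_order EXPECTED_GW (hypothetical helper name)
# Returns 0 if the first default route uses EXPECTED_GW, 1 if another
# gateway is listed first, 2 if there is no default route at all.
check_default_order() {
    expected=$1
    set -- $(first_default)
    if [ $# -eq 0 ]; then
        echo "no default route found" >&2
        return 2
    fi
    if [ "$1" != "$expected" ]; then
        echo "first default route is via $1 ($2), expected $expected" >&2
        return 1
    fi
    echo "ok: first default route is via $1 ($2)"
}

# Constructed sample: the second link's gateway is listed first.
sample_secondary_first() {
    cat <<'EOF'
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            203.81.235.1       UGSP        0      112      -   xl2
default            192.168.0.1        UGSP        0       35      -   xl0
10.0/16            link#2             UC          0        0      -   xl1
EOF
}

# Constructed sample: the main link's gateway is listed first.
sample_primary_first() {
    cat <<'EOF'
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            192.168.0.1        UGSP        0       35      -   xl0
default            203.81.235.1       UGSP        0      112      -   xl2
EOF
}

sample_secondary_first | check_default_order 192.168.0.1 || echo "-> reorder the default routes"
sample_primary_first | check_default_order 192.168.0.1
```

Run from an rc script after the `route` commands, a non-zero exit status flags that traffic originating on the firewall itself is not leaving via the intended link.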