Hi,

I'm not 100% clear if I got you right, but if I'm right you have to do the
"redistribute default" on your 2 external firewalls, because the OpenBSD box
needs the default route (to the internet), not the other way round...

ExtFw has (static?) route to the ISP. OpenBSDFw gets default route
dynamically via OSPF from ExtFw1 or from ExtFw2. That's it.

Are ExtFw1, ExtFw2 and OpenBSDFw on the same subnet?

Generally you have to run OSPF on all 3 boxes. On ExtFw1 set the metric lower
than on ExtFw2 so OpenBSDFw will use the default route from ExtFw1 as long as
ExtFw1 is available and OSPF adj are established.

OSPF redistribution means that the local router will announce prefix
0.0.0.0/0 pointing to the address of the interface where the LSA is sent
out...

Is that what you're looking for?

greets
Marco


On Thu, May 7, 2009 at 3:40 PM, carlopmart <carlopm...@gmail.com> wrote:

> Stuart Henderson wrote:
>
>> On 2009-05-07, carlopmart <carlopm...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>>  I am trying to establish default routes on an OpenBSD firewall using
>>> ospfd instead of using multipath+route to param under pf.conf, without luck.
>>>
>>>  My topology is:
>>>
>>> Internet ------- ExtFw1 ----------------|
>>>                                         |
>>>                                     OpenBSDFw ----- Internal Network
>>>                                         |
>>> Internet ------- ExtFw2 ----------------|
>>>
>>>
>>>  ExtFw1 and ExtFw2 are commercial products with different versions. I
>>> have put a rule to pass all traffic generated by OpenBSD on both external
>>> firewalls.
>>>
>>
>>
>> ExtFw1 and ExtFw2 are running OSPF and announcing a default route
>> into it, right??
>>
>>
> At this time yes. ExtFw are commercial firewalls based on Linux and I use
> quagga to configure OSPF on each one. But, any route is attached to OpenBSD
> via OSPF ...
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
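
A sketch of the setup discussed in this thread, added here as an example and not taken from any poster's configuration. It assumes all three boxes share one subnet; the 192.0.2.0/24 addresses, router IDs, interface name em0 and the metric values 10 and 20 are constructed. On Quagga the counterpart of "redistribute default" is "default-information originate".

```conf
# Constructed example: addresses, router IDs, interface name and metric
# values are assumptions, not taken from the thread.

# --- ExtFw1: Quagga ospfd.conf (preferred exit, lower metric) ---
# Without the "always" keyword, 0.0.0.0/0 is announced only while this
# box itself has a default route (for example the static one to the ISP).
router ospf
 ospf router-id 192.0.2.1
 network 192.0.2.0/24 area 0.0.0.0
 default-information originate metric 10 metric-type 2

# --- ExtFw2: Quagga ospfd.conf (backup exit, higher metric) ---
router ospf
 ospf router-id 192.0.2.2
 network 192.0.2.0/24 area 0.0.0.0
 default-information originate metric 20 metric-type 2

# --- OpenBSDFw: /etc/ospfd.conf ---
# No "redistribute default" here: this box only learns the default route
# from the two external firewalls and installs the lower-metric one.
router-id 192.0.2.3
area 0.0.0.0 {
	interface em0
}
```

On the OpenBSD box, `ospfctl show neighbor` should list both external firewalls in FULL state and `ospfctl show rib` should show 0.0.0.0/0 learned from ExtFw1 while it is up.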
