Ok, let's go again. According to Karl's words (thanks ;)), I've rebuilt my pf.conf two times with two different approaches.

// FIRST TRY

- make the ADSL "redirection" in bge0 (the internal one, traffic from LAN to Internet)
- make the queues in bge1/re0/fxp0 (the external ones, traffic from Internet to LAN)

##################################
# --- (bge0/LAN) ----OpenBSD box     ---- (fxp0/adsl1)
#                            ---- (bge1/adsl2)
#                           ---- (re0/adsl3)
#
# 1.Macros
# ISP_1
ext_if1="fxp0"
ext_gw1="217.126.43.2"

# ISP_2
ext_if2="bge1"
ext_gw2="192.168.10.1"

# ISP_3
ext_if3="re0"
ext_gw3="192.168.2.1"

# dept. A
workmate_a="192.168.0.121"
workmate_b="192.168.0.51"
workmate_c="192.168.0.124"
workmate_d="192.168.0.49"
dept_a = "{" $workmate_a $workmate_b $workmate_c $workmate_d  "}"

#dept. B
workmate_e="192.168.0.79"
wormate_f="192.168.0.78"
dept_b = "{" $workmate_e $workmate_f"}"

# dept. C
workmate_h="192.168.0.39"
workmate_i="192.168.0.43"
workmate_j="192.168.0.48"
dept_c = "{" $workmate_h $workmate_i $workmate_j "}"

# internal gateway
lan_net="192.168.0.0/24"
int_if="bge0"
int_gw="192.168.0.1"

# other macros
cpd="{ xxx }"
callcenter="xxx"

# 2.Tables
# Not used at present
# 3.Options
set skip on lo
set optimization conservative
set limit states 50000

# 4. Scrub traffic
scrub all

# 5. Queueing
altq on $int_if cbq bandwidth 30Mb queue { zona1, zona2, zona3 }

     queue zona1 bandwidth 10Mb { centraeta, cpd1, ssh1, nocpd1 }
           queue centraleta bandwidth 50% priority 7 cbq(default)
           queue cpd1 bandwidth 25% priority 6 cbq(borrow)
           queue ssh1 bandwidth 5% priority 3 cbq
           queue nocpd1 bandwidth 20% priority 0 cbq

     queue zona2 bandwidth 10Mb { cpd2, ssh2, nocpd2 }
           queue cpd2 bandwidth 40% priority 7 cbq
           queue ssh2 bandwidth 40% priority 3 cbq(borrow)
           queue nocpd2 bandwidth 20% priority 0 cbq

     queue zona3 bandwidth 10Mb { cpd3, ssh3, nocpd3 }
           queue cpd3 bandwidth 60% priority 7 cbq
           queue ssh3 bandwidth 25% priority 3 cbq(borrow)
           queue nocpd3 bandwidth 15% priority 0 cbq

# 6. Translation
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if3 from $lan_net to any -> ($ext_if3)

# 7. Filter rules

####### traffic from LAN to INTERNET ########
## from LAN to Internet: INBOUND to bge0 ##
# dept_a using their own ADSL
pass out on $int_if route-to \
    ($ext_if1 $ext_gw1) \
    proto { tcp udp } from $dept_a to any keep state

# dept_b using their own ADSL
pass out on $int_if route-to \
    ($ext_if2 $ext_gw2) \
    proto { tcp udp } from $dept_b to any keep state

# dept_c using their own ADSL
pass out on $int_if route-to \
    ($ext_if3 $ext_gw3) \
    proto { tcp udp } from $dept_c to any keep state

## from LAN to internet: OUTBOUND on bge1/re0/fxp0
pass out on $ext_if1
pass out on $ext_if2
pass out on $ext_if3

###############################

####### traffic from INTERNET to LAN ########
## from Internet to LAN: INBOUND to bge1/re0/fxp0 ##
pass in on $ext_if1
pass in on $ext_if2
pass in on $ext_if3

## from Internet to LAN: OUTBOUND to bge0 ##

### dept_a
pass out quick on $int_if from $callcenter02 \
     to $dept_a keep state \
     queue centraleta

pass out quick on $int_if proto tcp from $cpd \
     to $dept_a port 22 keep state \
     queue ssh1

pass out quick on $int_if from  $cpd \
     to $dept_a keep state \
     queue cpd11

pass out on $int_if from any \
     to $dept_a keep state \
     queue nocpd1

### dept_b
pass out quick on $int_if proto tcp from $cpd \
     to $dept_b port 22 keep state \
     queue ssh2

pass out quick on $int_if from $cpd \
     to $dept_b keep state \
     queue cpd2

pass out on $int_if from any \
     to $dept_b keep state \
     queue nocpd2

### dept_c
pass out quick on $int_if proto tcp from $cpd \
     to $dept_c port 22 keep state \
     queue ssh3

pass out quick on $int_if from $cpd \
     to $dept_a keep state \
     queue cpd3

pass out on $int_if from any \
     to $dept_c keep state \
     queue nocpd3
-----------------------------------------------------------------

It's clean, it's understandable... but it doesn't work. Indeed, the first part works: every LAN client uses the correct ADSL out, but the queues don't run.




// SECOND TRY

- make the ADSL "redirection" and also the queues work in bge0 (the internal one, traffic from LAN to Internet)

##################################
# --- (bge0/LAN) ----OpenBSD box     ---- (fxp0/adsl1)
#                            ---- (bge1/adsl2)
#                           ---- (re0/adsl3)
#
# 1.Macros
# ISP_1
ext_if1="fxp0"
ext_gw1="217.126.43.2"

# ISP_2
ext_if2="bge1"
ext_gw2="192.168.10.1"

# ISP_3
ext_if3="re0"
ext_gw3="192.168.2.1"

# dept. A
workmate_a="192.168.0.121"
workmate_b="192.168.0.51"
workmate_c="192.168.0.124"
workmate_d="192.168.0.49"
dept_a = "{" $workmate_a $workmate_b $workmate_c $workmate_d  "}"

#dept. B
workmate_e="192.168.0.79"
wormate_f="192.168.0.78"
dept_b = "{" $workmate_e $workmate_f"}"

# dept. C
workmate_h="192.168.0.39"
workmate_i="192.168.0.43"
workmate_j="192.168.0.48"
dept_c = "{" $workmate_h $workmate_i $workmate_j "}"

# internal gateway
lan_net="192.168.0.0/24"
int_if="bge0"
int_gw="192.168.0.1"

# other macros
cpd="{ xxx }"
callcenter="xxx"

# 2.Tables
# Not used at present
# 3.Options
set skip on lo
set optimization conservative
set limit states 50000

# 4. Scrub traffic
scrub all

# 5. Queueing
altq on $int_if cbq bandwidth 30Mb queue { zona1, zona2, zona3 }

     queue zona1 bandwidth 10Mb { centraeta, cpd1, ssh1, nocpd1 }
           queue centraleta bandwidth 50% priority 7 cbq(default)
           queue cpd1 bandwidth 25% priority 6 cbq(borrow)
           queue ssh1 bandwidth 5% priority 3 cbq
           queue nocpd1 bandwidth 20% priority 0 cbq

     queue zona2 bandwidth 10Mb { cpd2, ssh2, nocpd2 }
           queue cpd2 bandwidth 40% priority 7 cbq
           queue ssh2 bandwidth 40% priority 3 cbq(borrow)
           queue nocpd2 bandwidth 20% priority 0 cbq

     queue zona3 bandwidth 10Mb { cpd3, ssh3, nocpd3 }
           queue cpd3 bandwidth 60% priority 7 cbq
           queue ssh3 bandwidth 25% priority 3 cbq(borrow)
           queue nocpd3 bandwidth 15% priority 0 cbq

# 6. Translation
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if3 from $lan_net to any -> ($ext_if3)

# 7. Filter rules

## from LAN to Internet: INBOUND to bge0 ##
# dept_a using their own ADSL
pass out on $int_if route-to \
    ($ext_if1 $ext_gw1) \
    proto { tcp udp } from $dept_a to any keep state

# dept_b using their own ADSL
pass out on $int_if route-to \
    ($ext_if2 $ext_gw2) \
    proto { tcp udp } from $dept_b to any keep state

# dept_c using their own ADSL
pass out on $int_if route-to \
    ($ext_if3 $ext_gw3) \
    proto { tcp udp } from $dept_c to any keep state

## from LAN to internet: OUTBOUND on bge1/re0/fxp0
pass out on $ext_if1
pass out on $ext_if2
pass out on $ext_if3

###############################

####### traffic from INTERNET to LAN ########
## from Internet to LAN: INBOUND to bge1/re0/fxp0 ##
pass in on $ext_if1
pass in on $ext_if2
pass in on $ext_if3

## from Internet to LAN: OUTBOUND to bge0 ##

### dept_a
pass in on $int_if route-to \
    ($ext_if1 $ext_gw1) \
    proto udp from $dept_a to $callcenter02 \
    keep state \
    queue centraleta    

pass in quick on $int_if route-to \
    ($ext_if1 $ext_gw1) \
    proto tcp from $dept_a to $cpd \
    port 22 keep state \
    queue ssh1

pass in quick on $int_if route-to \
    ($ext_if1 $ext_gw1) \
    proto tcp from $dept_a to $cpd \
    keep state \
    queue cpd1

pass in quick on $int_if route-to \
    ($ext_if1 $ext_gw1) \
    proto tcp from $dept_a to $cpd \
    keep state \
    queue nopcd1

### dept_b
pass in quick on $int_if route-to \
    ($ext_if2 $ext_gw2) \
    proto tcp from $dept_b to $cpd \
    port 22 keep state \
    queue ssh2

pass in quick on $int_if route-to \
    ($ext_if2 $ext_gw2) \
    proto tcp from $dept_b to $cpd \
    keep state \
    queue cpd2

pass in quick on $int_if route-to \
    ($ext_if2 $ext_gw2) \
    proto tcp from $dept_b to $cpd \
    keep state \
    queue nopcd2

### dept_c
pass in quick on $int_if route-to \
    ($ext_if3 $ext_gw3) \
    proto tcp from $dept_c to $cpd \
    port 22 keep state \
    queue ssh3

pass in quick on $int_if route-to \
    ($ext_if3 $ext_gw3) \
    proto tcp from $dept_c to $cpd \
    keep state \
    queue cpd3

pass in quick on $int_if route-to \
    ($ext_if3 $ext_gw3) \
    proto tcp from $dept_c to $cpd \
    keep state \
    queue nopcd3
-----------------------------------------------------


It sounds clear also... but it simply doesn't work.

I'm convinced that my last goal (use an ADSL depending on the LAN client's IP and also use the queue) is possible, but it seems hard right now.

Thanks in advance.

--
I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain.

Bene Gesserit Litany Against Fear.
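
Added example, not part of the original post: a small Python check that cross-references the macro and ALTQ queue names a pf.conf defines against the names its rules and child-queue lists use. The sample is a constructed excerpt in the style of the rulesets above, and `lint_pf_conf` and `names_in_braces` are hypothetical helper names.

```python
import re

# Constructed excerpt in the style of the rulesets above, not the full file.
SAMPLE = r'''
int_if="bge0"
cpd="{ xxx }"
callcenter="xxx"
dept_a = "{ 192.168.0.121 192.168.0.51 }"
altq on $int_if cbq bandwidth 30Mb queue { zona1 }
queue zona1 bandwidth 10Mb { centraeta, cpd1 }
queue centraleta bandwidth 50% priority 7 cbq(default)
queue cpd1 bandwidth 25% priority 6 cbq(borrow)
pass out quick on $int_if from $callcenter02 \
     to $dept_a keep state \
     queue centraleta
pass out quick on $int_if from $cpd \
     to $dept_a keep state \
     queue cpd11
'''

def names_in_braces(s):
    """Names listed inside the first { ... } of s (child queue lists)."""
    m = re.search(r'\{([^}]*)\}', s)
    return set(re.findall(r'\w+', m.group(1))) if m else set()

def lint_pf_conf(text):
    """Return (undefined macros, undefined queues); definition order is ignored."""
    text = re.sub(r'\\\n', ' ', text)            # join continued lines
    macros, used_m, queues, used_q = set(), set(), set(), set()
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()     # drop comments
        if not line:
            continue
        used_m |= set(re.findall(r'\$(\w+)', line))
        macro = re.match(r'(\w+)\s*=', line)
        if macro:                                # name = "value"
            macros.add(macro.group(1))
        elif line.startswith('queue '):          # queue definition
            queues.add(line.split()[1])
            used_q |= names_in_braces(line)      # its child queues
        elif line.startswith('altq '):           # root: queue { ... }
            used_q |= names_in_braces(line.partition(' queue ')[2])
        else:                                    # filter rule: queue X or (X, Y)
            q = re.search(r'\bqueue\s+\(?\s*(\w+)(?:\s*,\s*(\w+))?', line)
            if q:
                used_q |= {g for g in q.groups() if g}
    return sorted(used_m - macros), sorted(used_q - queues)

if __name__ == '__main__':
    print(lint_pf_conf(SAMPLE))
```

On the firewall itself, `pfctl -nf /etc/pf.conf` parses a ruleset without loading it.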
