Hi, tags with route-to can do that; something like this:
# internal interface
if_int1 = "em1"
# external interfaces, first ISP
if_ext1 = "pppoe0"
# second ISP
if_ext2 = "vlan832"
# second ISP gateway
router_isp2 = "2.2.2.2"
# apply tags to incoming traffic for specific ports
pass in log on $if_int1 inet proto tcp from any to any port ssh tag SSH
pass in log on $if_int1 inet proto tcp from any to any port { http, https } tag WEB
# assuming $if_ext1 is default OS route
pass out log on $if_ext1 inet all tagged SSH nat-to ($if_ext1)
pass out log on $if_ext2 inet all tagged WEB nat-to ($if_ext2) route-to ($if_ext2 $router_isp2)
Should work for outgoing traffic. For incoming traffic you would need a
corresponding "reply-to", although it could get a bit messy with more
rules; I find it simpler to have multiple routing tables with rdomain and
rtable.
Best regards,
Evaldas
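A fuller ruleset that carries the tag-plus-route-to idea through, including the "reply-to" Evaldas mentions for connections arriving on the second ISP, as an added example (not Evaldas's configuration and not from the thread). Interface names, the LAN prefix and the ISP 2 gateway are placeholders. This variant puts route-to on the inbound LAN rule, the idiom the OpenBSD PF FAQ uses for multiple uplinks, so the state is created with ISP 2's next hop before the default route is consulted. The "(interface address)" argument form matches the 2018-era syntax in the thread; newer OpenBSD releases changed the route-to/reply-to argument form, so check pf.conf(5) for your release.

```pf
# Added example, not from the thread.  Interface names, LAN prefix and the
# ISP 2 gateway are placeholders.

if_int  = "em1"             # LAN side
if_isp1 = "pppoe0"          # ISP 1: holds the system default route
if_isp2 = "vlan832"         # ISP 2: reached only via policy routing
gw_isp2 = "2.2.2.2"         # ISP 2 next hop (placeholder)
lan_net = "192.168.1.0/24"  # LAN prefix (placeholder)

set skip on lo

# Source NAT on whichever uplink a packet actually leaves through.
# "(interface)" is re-evaluated when the address changes (PPPoE/DHCP).
match out on $if_isp1 inet from $lan_net nat-to ($if_isp1)
match out on $if_isp2 inet from $lan_net nat-to ($if_isp2)

# Classify new LAN connections by service.  route-to on the inbound rule
# hands http/https to ISP 2 at the point the state is created; ssh and
# everything else simply follow the default route out ISP 1.
pass in log on $if_int inet proto tcp from $lan_net to port ssh tag VIA_ISP1
pass in log on $if_int inet proto tcp from $lan_net to port { http https } \
    tag VIA_ISP2 route-to ($if_isp2 $gw_isp2)
pass in on $if_int inet from $lan_net

# Outbound on ISP 1: logged for the ssh tag, passed for anything not pinned
# to ISP 2.  The block is a leak detector; it should never log.
pass out log on $if_isp1 inet tagged VIA_ISP1
pass out on $if_isp1 inet ! tagged VIA_ISP2
block out log on $if_isp1 inet tagged VIA_ISP2

# Outbound on ISP 2: the route-to'd web traffic (already tagged VIA_ISP2)
# plus the firewall's own traffic on that link.
pass out on $if_isp2 inet

# Inbound connections arriving on ISP 2 (e.g. to a service on the firewall):
# reply-to makes the replies leave via ISP 2's gateway rather than the
# default route, so the connection is not routed asymmetrically.
pass in log on $if_isp2 inet proto tcp to ($if_isp2) port { http https } \
    reply-to ($if_isp2 $gw_isp2)
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, load with `pfctl -f /etc/pf.conf`, and confirm the states carry the expected route with `pfctl -vvss`; any hit on the "block out log ... tagged VIA_ISP2" rule (visible with `tcpdump -n -e -ttt -i pflog0`) means a web connection reached ISP 1 after all and the route-to rule is not matching as intended.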
On 23/03/18 05:09, Rolf Loudon wrote:
Hello
I’ve had several goes at this but can’t work it out. Hoping there may be
some assistance available. I cannot find examples I can refine online.
I have two interfaces which I can use for outbound traffic. One ethernet,
one wifi. I want to send some traffic out via a given interface depending
on the service I’m connecting to (e.g. ssh via ethernet, https via wifi,
etc).
(In the past with Linux iproute2 and netfilter this is pretty
straightforward).
Do I need to use route-to or is rdr the tool?
If I only wanted to choose via destination network then simple routing is
sufficient. Adding a port decision has me stuck.
Or is pf not the tool for this?
Many thanks
r.