Hi everyone, I've been doing a lot of google searching recently for variants of "freebsd source-based routing" to look for how to get a dual-homed FreeBSD machine to send to the correct default gateway based on the source address of the packets it's expecting that gateway to pass along. You can't send a packet with a Comcast source address to the AT&T default gateway and expect it to actually make it out onto the public internet, etc.
Universally, the posts I've been finding that discuss this always recommend creating multiple routing tables with "options ROUTETABLES=..." which I wasn't willing to do, because my wild youthful kernel-recompiling days are over -- these days I like the advantages that come with using a pure GENERIC kernel. :-)

So, today I tried the following /etc/pf.conf:

> if = "bge0"
> v4_addr_1 = "173.228.91.225"
> v4_net_1 = "173.228.91.0/24"
> v4_gw_1 = "173.228.91.1"
> v4_addr_2 = "50.193.24.82"
> v4_net_2 = "50.193.24.80/28"
> v4_gw_2 = "50.193.24.94"
>
> pass out quick on $if route-to ($if $v4_gw_1) inet from $v4_addr_1 to !$v4_net_1 no state
> pass out quick on $if route-to ($if $v4_gw_2) inet from $v4_addr_2 to !$v4_net_2 no state
> #pass out quick on $if route-to ($if $v6_gw_1) inet6 from $v6_addr_1 to !$v6_net_1 no state
>
> pass all no state

I guess my setup is a bit simpler than the norm because I only have one physical interface, that both networks are on. But... by Jove, it seems to be working!

Is there something I'm missing? Is this going to break in some subtle edge case that I'm just not seeing? If it really is this simple, why does everyone keep recommending the "options ROUTETABLES" approach?

Thanks,
~Ben
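The following is an added example, not part of Ben's post: a small Python model of how the posted `route-to` rules pick a gateway (first `quick` match wins, the directly attached network is excluded by `to !$v4_net_N`), using the addresses from the post. It makes the fall-through case visible: a packet whose source is not one of the two listed addresses matches no `route-to` rule, hits `pass all`, and is left to the kernel's single default route. The function names and the sample destinations (TEST-NET addresses) are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the posted /etc/pf.conf: (source address, local
# network, gateway), one tuple per 'pass out quick ... route-to' rule.
ROUTE_TO_RULES = [
    ("173.228.91.225", "173.228.91.0/24", "173.228.91.1"),  # $v4_addr_1
    ("50.193.24.82", "50.193.24.80/28", "50.193.24.94"),    # $v4_addr_2
]


def select_gateway(src, dst, rules=ROUTE_TO_RULES):
    """Return the gateway pf's route-to forces for an outbound packet, or
    None when no quick rule matches and the packet falls through to
    'pass all', i.e. the kernel's ordinary routing table decides."""
    src, dst = ip_address(src), ip_address(dst)
    for addr, net, gw in rules:
        # Each rule matches one source address and excludes the directly
        # attached network ('to !$v4_net_N'), so on-link traffic is still
        # delivered by ARP instead of being bounced through the gateway.
        if src == ip_address(addr) and dst not in ip_network(net):
            return gw  # 'quick': first matching rule wins
    return None


def uncovered_sources(local_addrs, rules=ROUTE_TO_RULES):
    """Local addresses with no route-to rule: anything sent from them to
    the Internet uses the default route, whichever ISP that points at."""
    covered = {ip_address(addr) for addr, _, _ in rules}
    return [a for a in local_addrs if ip_address(a) not in covered]


if __name__ == "__main__":
    # Constructed destinations from TEST-NET-3 and each local subnet.
    for src, dst in [("173.228.91.225", "203.0.113.10"),
                     ("50.193.24.82", "203.0.113.10"),
                     ("173.228.91.225", "173.228.91.50"),  # on-link
                     ("10.0.0.5", "203.0.113.10")]:        # e.g. a jail alias
        print(src, "->", dst, "via", select_gateway(src, dst) or "default route")
    # A hypothetical third alias on bge0 that the rule set does not cover.
    print("uncovered:", uncovered_sources(
        ["173.228.91.225", "50.193.24.82", "10.0.0.5"]))
```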