Hi all,

I have 2 OpenBSD firewalls protecting my LAN from 2 internet connections:

1) a cable modem connection for which the Internet IP address is obtained by "dhcp"
2) a DSL connection with a static IP assigned to the $ext_if of the second firewall

Now I am trying to firewall these two Internet connections with one computer. So my new firewall has 3 interfaces:

1) $int_if - Internal interface connected to the LAN
2) $ext_ifcm - External interface connected to the cable modem
3) $ext_ifdsl - External interface connected to the DSL router

I have a table called <dslusers> which contains the IP addresses of the hosts that are permitted to use the DSL connection to connect to the internet. All other hosts should use the cable modem connection. So I let the dhcp connection configure the default gateway, and the gateway for the DSL connection is provided in the filter rule using "route-to".

Presently I use the rule

    pass in log-all on $int_if route-to $ext_ifdsl:xxx.xxx.xxx.xxx ptoto tcp from <dslusers> to any keep state

I got a syntax error from pfctl when I used the rule for a specific port number as shown below.

    pass in log-all on $int_if route-to $ext_ifdsl:xxx.xxx.xxx.xxx ptoto tcp from <dslusers> to any port ssh keep state

May I know whether it is possible to configure "route-to" in such a way that only traffic coming into the "ssh" port of $int_if from <dslusers> will be routed to the DSL interface "$ext_ifdsl", and all other traffic coming from the <dslusers> to the $int_if will use the cable connection through the $ext_ifcm?

Since the gateway of the cable modem is obtained by "dhcp", I hope all the other traffic will default to the $ext_ifcm and I DO NOT have to introduce "route-to $ext_ifcm" in the filtering rules for the internal interface. Am I right?

If there is no such option in "route-to", could someone please point out a method to accomplish this? A workaround or something?

Thank you so much

Kind Regards
Siju