Hello all, I have a question about route-to. I would like to know if the following situation would work, and if there is any advice you can give on this:
I would like to provide some resilience to a group of servers behind a pf NAT. If you could visualise the top three boxes as different /24 network connections on the external interface. At the middle I have a pf box with an IP address in each network, and an IP in the internal network on the internal network interface. At the bottom there are two computers with three alias IP addresses, one to correlate with each of the external connections.

    +------------+  +------------+  +------------+
    | 1.2.3.1/24 |  | 2.3.4.1/24 |  | 3.4.5.1/24 |
    +------------+  +------------+  +------------+
              \           |           /
               \          |          /
                \         |         /
                 \        |        /
                 +-------------+
                 | 1.2.3.5/24  |
                 | 2.3.4.5/24  |
                 | 3.4.5.5/24  |
                 | 10.1.7.5/24 |
                 +-------------+
                      /     \
                     /       \
                    /         \
         10.1.7.6/24           10.1.7.9/24
         10.1.7.7/24           10.1.7.10/24
         10.1.7.8/24           10.1.7.11/24

With rules such as:

    rdr pass on $ext_if from any to 1.2.3.10 port 80 -> 10.1.7.6

Would the TCP connection be routed via its inbound route, or do I have to create a new route-to rule to cater for this? Would I be better off creating three new network ranges 10.N.x.y to make route-to simple, if possible? As I understand it, pf is stateful, so do I even need to think about route-to in order to accomplish this?

-- http://edd.link9.net - http://irc.is-cool.net
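An added example, not the poster's own configuration, written in the same old-style pf.conf syntax as the rdr rule above: it pins the replies of each rdr'd connection to the uplink it arrived on with reply-to (which is recorded in the state entry, so statefulness alone is not enough), and shows the matching route-to/nat pair for connections the internal servers originate. The interface names em0/em1 are assumptions, and the .1 addresses are taken from the diagram's top boxes on the assumption that they are the upstream routers.

```pf
# Added example, not from the original post. Assumes one external interface
# carrying all three /24s (em0) and one internal interface (em1).
ext_if = "em0"
int_if = "em1"

# Upstream routers: assumed to be the .1 addresses shown in the diagram.
gw_a = "1.2.3.1"
gw_b = "2.3.4.1"
gw_c = "3.4.5.1"

# Public service addresses and the internal alias each maps to.
pub_a = "1.2.3.10"
pub_b = "2.3.4.10"
pub_c = "3.4.5.10"
web_a = "10.1.7.6"
web_b = "10.1.7.7"
web_c = "10.1.7.8"

# Translation runs before filtering, so the pass rules below match on the
# translated (internal) destination, not on the public address.
rdr on $ext_if proto tcp from any to $pub_a port 80 -> $web_a
rdr on $ext_if proto tcp from any to $pub_b port 80 -> $web_b
rdr on $ext_if proto tcp from any to $pub_c port 80 -> $web_c

# reply-to is stored with the state when the first packet creates it, so
# every reply packet of that connection leaves via the named gateway rather
# than the default route. Without it, replies for 2.3.4.10 and 3.4.5.10
# would go out through whichever uplink holds the default route.
pass in on $ext_if reply-to ($ext_if $gw_a) proto tcp from any to $web_a port 80
pass in on $ext_if reply-to ($ext_if $gw_b) proto tcp from any to $web_b port 80
pass in on $ext_if reply-to ($ext_if $gw_c) proto tcp from any to $web_c port 80

# Connections the servers originate are the case route-to is for: choose the
# uplink by internal source alias on the way in from $int_if, then nat to the
# public address that belongs to that uplink.
pass in on $int_if route-to ($ext_if $gw_a) from $web_a to any
pass in on $int_if route-to ($ext_if $gw_b) from $web_b to any
pass in on $int_if route-to ($ext_if $gw_c) from $web_c to any
nat on $ext_if from $web_a to any -> $pub_a
nat on $ext_if from $web_b to any -> $pub_b
nat on $ext_if from $web_c to any -> $pub_c
```

The second internal box (10.1.7.9 to 10.1.7.11) would get the same three-line pattern with its own aliases; pfctl -s state shows the recorded route-to/reply-to gateway per entry, which is the quickest way to confirm replies are pinned as intended.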