Date: Mon, 7 Feb 2005 10:40:06 -0800 From: Jon Simola <jsimola@gmail.com> To: Matt MacDonald <macdonald.matthew@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: Two interface route-to problem Message-ID: <8eea0408050207104056b5f37d@mail.gmail.com> In-Reply-To: <8878e3ce05020704156c54f315@mail.gmail.com> References: <8878e3ce05020704156c54f315@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 7 Feb 2005 07:15:21 -0500, Matt MacDonald <macdonald.matthew@gmail.com> wrote: > I've got two PPPoe interfaces to different ISPs. The default route is > to ISP1 but my servers are on the ISP2. Everything seems to be > working fine except for traffic that is destined for ISP2 get's > returned on the ISP1 interface. The docs seem to say that route-to > will fix me problem but I can't seem to get it to work. Hopefully > someone on this list will see what I'm doing wrong. > > Here is the commands that I have tried to get this to work: > > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2:peer ) from ($ISP2) \ > to any flags S/SA > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2gw ) from ($ISP2) \ > to any flags S/SA > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2:peer ) from $ISP2addr \ > to any flags S/SA > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2gw ) from $ISP2addr \ > to any flags S/SA > > but none of them seem to work. I do have a similar line that routes > SMTP traffic inbound on the inside interface to ISP2 and that works > fine. Yes, route-to should be used on the "pass in" side of the ruleset. You've got a working SMTP rule for it, and here's an example from one of my routers: pass in on vlan107 route-to (vlan700 172.16.0.129) from vlan107:network to x.x.0.0/16 keep state The man page talks about creating route-to creating state, and I think it's much easier to do this on the incoming interface.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8eea0408050207104056b5f37d>