On Mon, Aug 04, 2014 at 08:39:10PM +0200, Christophe wrote:
> Hi misc@,
>
> I was wondering about the behavior of OpenBSD in this case (not a
> production case at this time).
>
> 2 WAN interfaces (Ethernet / IPv4 DHCP), linked to an OpenBSD box and 1
> LAN interface (Ethernet / IPv4 static address)
>
> WAN1 (em0 DHCP) -----
>                      |--- OpenBSD ----- LAN (em2 static)
> WAN2 (em1 DHCP) -----
>
> DHCP is providing a default gateway for the 2 WAN interfaces (and can
> potentially change).
>
> First of all:
> If only "dhcp" is specified in /etc/hostname.em[0|1] files, which of
> these interfaces will provide the default gateway? Is there a
> precedence in this case?
>
> Otherwise, is there any way to specify a routing table in /etc/hostname.X
> while using DHCP?

I'd consider putting each interface into a different rdomain.
Running dhclient on each then gives you a default route in each
domain, and it's legal for both interfaces to get addresses from
the same subnet in case address space used by your upstreams overlaps.

You can use pf magic to make traffic cross between domains as needed,
but I'm not sure on the details here because I've never used this part
of the feature (so far I've mainly used this to give individual
applications different views of the network, using e.g.
route -T 1 exec ...).

See the relevant man pages (ifconfig(8), pf.conf(5), route(8), ...) and
http://www.openbsd.org/papers/f2k9-vrf/ and
http://www.openbsd.org/papers/eurobsd2012/phessler-rdomains/index.html

Depending on how you want to use the uplinks, I suppose you could also
look at mpath routing (see route(8) for some hints), or trunk(4).

> Second question:
> I used to write route-to and reply-to rules in pf.conf in a static context.
> As far as I've seen, there are modifiers on interface specifications
> like :network or :peer. But is there a :gateway or something similar
> telling pf to use the default gateway learned by DHCP on the specified
> interface?

To name an interface with a default route in pf syntax use 'egress',
as in the egress interface group. This is an example from pf.conf(5):

    pass in on egress proto tcp from any to any port smtp \
        rdr-to 127.0.0.1 port spamd

