Hi,

Thanks for all your replies!
I will take a look at rdomains, which seem to be the best answer to my questions ;).

Regards.
Christophe.

On 04/08/2014 21:06, Stefan Sperling wrote:
> On Mon, Aug 04, 2014 at 08:39:10PM +0200, Christophe wrote:
>> Hi misc@,
>>
>> I was wondering about the behavior of OpenBSD in this case (not a
>> production case at this time).
>>
>> 2 WAN interfaces (Ethernet / IPv4 DHCP), linked to an OpenBSD box and 1
>> LAN interface (Ethernet / IPv4 static address)
>>
>> WAN1 (em0 DHCP) -----
>>                      |--- OpenBSD ----- LAN (em2 static)
>> WAN2 (em1 DHCP) -----
>>
>> DHCP is providing a default gateway for the 2 WAN interfaces (and can
>> potentially change).
>>
>> First of all:
>> If only "dhcp" is specified in /etc/hostname.em[0|1] files, which of
>> these interfaces will provide the default gateway? Is there a
>> precedence in this case?
>>
>> Otherwise, is there any way to specify a routing table in /etc/hostname.X
>> while using DHCP?
>
> I'd consider putting each interface into a different rdomain.
> Running dhclient on each then gives you a default route in each domain,
> and it's legal for both interfaces to get addresses from the same subnet
> in case address space used by your upstreams overlaps.
> You can use pf magic to make traffic cross between domains as needed,
> but I'm not sure on the details here because I've never used this part
> of the feature (so far I've mainly used this to give individual applications
> different views of the network, using e.g. route -T 1 exec ...)
> See the relevant man pages (ifconfig(8), pf.conf(5), route(8), ...) and
> http://www.openbsd.org/papers/f2k9-vrf/ and
> http://www.openbsd.org/papers/eurobsd2012/phessler-rdomains/index.html
>
> Depending on how you want to use the uplinks, I suppose you could
> also look at mpath routing (see route(8) for some hints), or trunk(4).
>
>> Second question:
>> I used to write route-to and reply-to rules in pf.conf in a static context.
>> As far as I've seen, there are modifiers on interface specifications
>> like :network or :peer. But is there a :gateway or something similar
>> telling pf to use the default gateway learned by DHCP on the specified
>> interface?
>
> To name an interface with a default route in pf syntax use 'egress',
> as in the egress interface group. This is an example from pf.conf(5):
>
>     pass in on egress proto tcp from any to any port smtp \
>         rdr-to 127.0.0.1 port spamd

