On 2007/01/05 23:56, S t i n g r a y wrote:
> Well a few days ago I mailed a problem of mine which was
> that I have purchased multiple internet connections &
> now would like to divide specific protocols between
> them. Now I tried searching the internet for this,
> but couldn't find anything encouraging .. most of the
> people out there are as confused as me. Now I want to
> know: is this possible or not with OpenBSD & pf?
In the ruleset you posted, you have nothing to tell PF which connection to use to send packets, so the default route is used. See http://www.openbsd.org/faq/pf/pools.html#outgoing for a basic setup to use two internet connections and balance traffic between them.

The 'pass in on $int_if route-to' rules in the examples there use round-robin like this:

    route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin

This shares traffic between two connections. Since you just want a set of protocols using one connection without balancing, you'll need two pass rules, first the general case without listing ports, then the rule for the particular protocols that you want using the other connection.

    # general case: everything from the LAN goes out via connection 1
    pass in on $int_if route-to { ($ext_if1 $ext_gw1) } from \
        $lan flags S/SA keep state
    # listed last because PF's last matching rule wins: only the
    # listed ports are sent via connection 2
    pass in on $int_if route-to { ($ext_if2 $ext_gw2) } from \
        $lan to any port { $ports } flags S/SA keep state

> is there anyone out there who likes sharing his pf.conf
> with me? I would be most grateful.

You should have enough information to write this yourself now. That's much better than using somebody else's ruleset, so you can understand how it works. If you're still confused, read pf.conf(5) about route-to and reply-to and experiment.

If you use 'log' on all of your rules, then you can check which rules are matching with 'tcpdump -netti pflog0' (use 'pfctl -sr -vv' to identify rule numbers). If you use 'tcpdump -ni fxp0' and 'tcpdump -ni pcn0' you can check which packets are being sent via which interface and whether they have been NATted to the correct address for that connection.
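A complete pf.conf along the lines described in the reply above, as an added example (not the ruleset from this thread or from the PF FAQ); interface names, gateway addresses, LAN range and port list are constructed placeholders:

```pf
# Macros: interface names, gateway addresses, LAN range and port list
# are constructed placeholders, replace them with your own.
ext_if1 = "fxp0"
ext_if2 = "pcn0"
ext_gw1 = "192.0.2.1"
ext_gw2 = "198.51.100.1"
int_if  = "xl0"
lan     = "10.0.0.0/24"
ports   = "25, 110, 143"    # the TCP ports to pin to connection 2

# NAT each connection's traffic to that connection's own address, so
# packets leaving pcn0 carry pcn0's address and the replies return there.
nat on $ext_if1 from $lan to any -> ($ext_if1)
nat on $ext_if2 from $lan to any -> ($ext_if2)

# Default deny, logged, so 'tcpdump -netti pflog0' shows what was dropped.
block log all

# General case first: everything from the LAN leaves via connection 1.
# UDP and ICMP get their own stateful rule so they are policy-routed too
# instead of silently following the default route.
pass in log on $int_if route-to ($ext_if1 $ext_gw1) proto tcp \
    from $lan to any flags S/SA keep state
pass in log on $int_if route-to ($ext_if1 $ext_gw1) proto { udp, icmp } \
    from $lan to any keep state

# Exception last: PF uses the last matching rule, so this overrides the
# general rule only for the listed ports and sends them via connection 2.
pass in log on $int_if route-to ($ext_if2 $ext_gw2) proto tcp \
    from $lan to any port { $ports } flags S/SA keep state

# Connections that arrive on connection 2 (here: ssh to the router) must be
# answered via connection 2, not the default route: that is what reply-to does.
pass in log on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp \
    from any to ($ext_if2) port ssh flags S/SA keep state

# Packets the router itself generates with the other link's source address
# must still leave via that link (same pattern as the PF FAQ).
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

# Let the translated connections out on both links.
pass out log on { $ext_if1, $ext_if2 } proto tcp \
    from any to any flags S/SA keep state
pass out log on { $ext_if1, $ext_if2 } proto { udp, icmp } \
    from any to any keep state
```

Check the syntax with 'pfctl -nf /etc/pf.conf' before loading it with 'pfctl -f /etc/pf.conf', then use the tcpdump commands above to confirm the listed ports really leave via pcn0 with pcn0's address.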

