Giancarlo Razzolini wrote:
>
> Yep, you need a reply-to rule. I'll not write one here, but basically,
> you do the rdr rule for incoming traffic as you normally would. But in
> the pass rule, you say that this rule will reply-to, to the isp2. If you
> do not make a reply-to rule, the requests get to the server correctly, but
> when the firewall forwards them, it will forward them to the default
> gateway set on it, which, in your case, is isp1. If you have trouble
> making the rules, I can help you write them. This time I'm (almost) just
> lurking on the list.
>
> My regards,
>
> --
> Giancarlo Razzolini
> Linux User 172199
> Red Hat Certified Engineer no:804006389722501
> Moleque Sem Conteudo Numero #002
> Slackware Current
> OpenBSD Stable
> Ubuntu 7.04 Feisty Fawn
> Snike Tecnologia em Informatica
> 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
>
>
Many thanks for all your help.
Now, I've added a "reply-to" rule to my pf.conf:
-----------------------------------------------------------
###########################################################
## FILTER: Routing outgoing to ISP2
###########################################################
pass in quick on $dmz_if from $dmz_net to $lan_net
pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
from $dmz_net to !$lan_net
pass out quick on $dmz_if route-to ($ips_if $ips_gw) from $dmz_net \
to {!$ofi_net !$des_net !$pro_net !$vpn_net}
-----------------------------------------------------------
This is still not working.
Any kind of help will be very appreciated.
I've convinced my boss to change the old payment firewall to OpenBSD,
I can't make this work and we have all services on the DMZ down.
Does anyone know how to use the "route-to" rule?
Does anyone know where to find (or a book to buy) a complete guide to Packet
Filter?
Thanks in advance.
--
View this message in context:
http://www.nabble.com/select-outgoing-route-depending-on-souce-interface-%28net%29-tp15863445p15873002.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
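
The distinction discussed in this thread, as an added example that is not from either poster: `reply-to` goes on the rule that passes connections arriving on the ISP2 interface, while `route-to` goes on the rule that passes traffic the DMZ itself originates. It uses the pre-4.7 pf syntax of the rules above (separate `nat`/`rdr` rules); interface names, addresses (documentation ranges), `$web_srv` and port 80 are assumptions.

```conf
# Added example, not the poster's ruleset. All values below are constructed.
isp2_if = "em1"               # assumed: interface facing ISP2
isp2_gw = "203.0.113.1"       # assumed: ISP2 next hop
dmz_if  = "em2"               # assumed: DMZ interface
dmz_net = "192.168.10.0/24"   # assumed
lan_net = "192.168.1.0/24"    # assumed
web_srv = "192.168.10.10"     # hypothetical DMZ server

# Translation rules come before filter rules in pre-4.7 pf.conf.
# Outbound DMZ traffic leaving via ISP2 takes the ISP2 address;
# inbound connections to the ISP2 address are redirected to the server.
nat on $isp2_if from $dmz_net to any -> ($isp2_if)
rdr on $isp2_if proto tcp from any to ($isp2_if) port 80 -> $web_srv port 80

# Connections that ARRIVE on ISP2: reply-to pins the return packets of
# the state to the ISP2 gateway instead of the default route (ISP1).
pass in quick on $isp2_if reply-to ($isp2_if $isp2_gw) \
    proto tcp from any to $web_srv port 80 keep state
pass out quick on $dmz_if proto tcp from any to $web_srv port 80 keep state

# Connections the DMZ ORIGINATES: local traffic to the LAN is left alone,
# everything else is forced out through ISP2 with route-to.
pass in quick on $dmz_if from $dmz_net to $lan_net keep state
pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
    from $dmz_net to !$lan_net keep state
pass out quick on $isp2_if from ($isp2_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vvss` shows which rule created each state once traffic flows.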