Giancarlo Razzolini wrote:
> 
> Yep, you need a reply-to rule. I'll not write one here, but basically,
> you do the rdr rule for incoming traffic as you normally would. But in
> the pass rule, you say that this rule will reply-to the isp2. If you
> do not make a reply-to rule, the requests get to the server correctly, but
> when the firewall forwards them, it will forward them to the default
> gateway set on it, which, in your case, is isp1. If you have trouble
> making the rules, I can help you write them. This time I'm (almost) just
> lurking on the list.
> 
> My regards,
> 
> --
> Giancarlo Razzolini
> Linux User 172199
> Red Hat Certified Engineer no:804006389722501
> Moleque Sem Conteudo Numero #002
> Slackware Current
> OpenBSD Stable
> Ubuntu 7.04 Feisty Fawn
> Snike Tecnologia em Informatica
> 4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
> 

Hello, I need some help.

The present situation:

   -------------------------------------------------------------------
1.) Workstations on the LAN net (172.16.0.0/24) must reach the Internet through ISP1
   (172.16.0.X --> 172.16.0.254 --> 192.168.0.10 --> 192.168.0.1 --> ISP1).
   DONE!!
   -------------------------------------------------------------------
2.) Servers on the DMZ net (172.31.0.0/24) must reach the Internet through ISP2
   (172.31.0.X --> 172.31.0.254 --> 80.25.145.194 --> 80.25.145.193 --> ISP2).
   DONE!! by:
   
   pass in quick on $dmz_if from $dmz_net to $lan_net
   pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
      from $dmz_net to !$lan_net 
   
   -------------------------------------------------------------------   
3.) The Web server on the DMZ net must be reachable from the Internet through ISP2
   (ISP2 --> 80.25.145.194 --> 172.31.0.254 --> 172.31.0.21).
   DONE!! by:
   
   rdr on $ips_if proto tcp \
   from any to $isp2_if port http -> $srv_web_001 port http
   
   -------------------------------------------------------------------   
4.) Responses from the Web server (DMZ net) to incoming requests must go back through ISP2
   (172.31.0.21 --> 172.31.0.254 --> 80.25.145.194 --> 80.25.145.193 --> ISP2).
   ERROR!! Packets are sent back through ISP1 (bge0).

Can anyone help me with the missing rule? Please.

Thanks in advance.
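The rule Giancarlo describes, written out as an added pf.conf example (this is not from the thread and not the poster's configuration). It keeps the poster's rdr rule for item 3 and adds the pass rule for item 4 with reply-to, in the pre-OpenBSD 4.7 syntax the poster is using. The addresses and bge0 are from the post; the em0/em1 interface names and the macro names are assumptions.

```conf
# Added example, not the poster's pf.conf. Interface names em0/em1 are
# assumed; addresses and bge0 come from the post.
isp1_if     = "bge0"            # ISP1 uplink, holds the default route
isp2_if     = "em0"             # ISP2 uplink (assumed name)
isp2_gw     = "80.25.145.193"   # ISP2 gateway
dmz_if      = "em1"             # DMZ interface (assumed name)
lan_net     = "172.16.0.0/24"
dmz_net     = "172.31.0.0/24"
srv_web_001 = "172.31.0.21"

# 3.) Inbound NAT for the web server, as the poster already has it.
rdr on $isp2_if proto tcp from any to ($isp2_if) port http -> $srv_web_001 port http

# 4.) The missing piece. This pass rule matches the already-translated
# destination and records reply-to in the state it creates, so the
# server's replies are handed to $isp2_gw on $isp2_if instead of
# following the default route out $isp1_if. It must precede any broader
# "quick" rule on $isp2_if.
pass in quick on $isp2_if reply-to ($isp2_if $isp2_gw) proto tcp \
    from any to $srv_web_001 port http flags S/SA keep state

# 2.) DMZ-originated traffic still leaves via ISP2 (poster's own rules).
pass in quick on $dmz_if from $dmz_net to $lan_net
pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
    from $dmz_net to !$lan_net
```

Why this works: the state is created by the inbound SYN on $isp2_if. The web server's SYN-ACK arrives on $dmz_if and is matched against that state before any rule is evaluated, so the route-to rule on $dmz_if is never consulted for it; the reply-to recorded in the state sends it to $isp2_gw. Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then confirm with `tcpdump -ni em0 port 80` that the SYN-ACK now leaves on the ISP2 interface rather than on bge0.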