I want to route some networks to one Internet ISP (ISP1), and others to ISP2.
Here is my network diagram (what I want):
                                     |-------------- ISP1
my network ----------------> openbsd
                                     |-------------- ISP2
I took the configuration from http://www.openbsd.org/faq/pf/pools.html and just modified some rules.
I use a Compaq evo, Pentium IV 1.8Ghz, IDE 40GB, 512Mb RAM, 3 NICs (fxp0, xl0 and ne3).
Configuration Files.
--- /etc/hostname.fxp0 --
inet 10.2.1.2 255.255.255.0 NONE
---- EOF ----
--- /etc/hostname.xl0 --
inet 192.168.7.1 255.255.255.0 NONE
inet alias 192.168.2.1 255.255.255.0 NONE
----- EOF -------------------
--- /etc/hostname.ne3 --
inet 10.2.2.2 255.255.255.0 NONE
----- EOF ------
------------- pf.conf --------------
# Options: tune the behavior of pf, default values are given.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 100000, frags 10000 }
set loginterface none
set optimization normal
set block-policy drop
set require-order yes
lan_net = "{ 192.168.7.0/24, 192.168.2.0/24 }"
lan_7 = "192.168.7.0/24"
lan_2 = "192.168.0/24"
int_if = "xl0"
ext_if1 = "fxp0"
ext_if2 = "ne3"
ext_gw1 = "10.2.1.1"
ext_gw2 = "10.2.2.1"
# nat outgoing connections on each internet interface
#nat on $ext_if1 from $lan_net to any -> ($ext_if1) <----- change, without nat
#nat on $ext_if2 from $lan_net to any -> ($ext_if2) <----- change, without nat
# default deny
#block in from any to any <----- change
#block out from any to any <----- change
# pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
# pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
# load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto tcp from $lan_net to any flags S/SA modulate state
# load balance outgoing udp and icmp traffic from internal network
#pass in on $int_if route-to \ <----- default
# { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \ <----- default
# proto { udp, icmp } from $lan_net to any keep state <----- default
pass in on $int_if route-to \ <----- change
{ ($ext_if1 $ext_gw1) } \ <----- change
proto { udp, icmp } from $lan_2 to any keep state <----- change
pass in on $int_if route-to \ <----- change
{ ($ext_if2 $ext_gw2) } \ <----- change
proto { udp, icmp } from $lan_7 to any keep state <----- change
# general "pass out" rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
# route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
# $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
-------- EOF ----
I use OpenBSD 3.3-stable and an OpenBSD snapshot from 07-2003, and just some minutes after I enable pf, the machine hangs up, totally frozen, and then I have to hard reboot it.
I tried with a generic kernel and with a personalized one.
The same trouble with both.
Thanks in advance.
-- Jesus Valero
