I have an interesting problem with a new backup ADSL line I have. Normally, packets (mostly NAT stuff) going out of the router originate from its leased line IP address, and then out of the leased line interface to the default router of our main ISP (my router is running OpenBSD 3.5). As you'd expect :)

What I've done is get an ADSL line as backup, so I can just switch NATted traffic to the ADSL interface on the router. I don't want to change the default route, though, I just want to be able to let a rule cut in that NATs certain people to the ADSL IP instead.

However, the ADSL network that I get from the ADSL modem is a.b.c.d/32 - if I stick a dhcp-enabled laptop on the end of the modem, I get:

    IP a.b.c.d
    netmask 255.255.255.255
    Default gateway a.b.c.d

i.e. it treats itself as the default gateway. This works on the laptop.

On the router, of course, anything coming from the ADSL IP of a.b.c.d gets routed out through the leased line interface, because that's where the default route is. This is not what I want, since packets that originate from the ADSL IP address ought to be routed out of the ADSL interface and down the ADSL line.

So, I tried using a route-to rule, but it doesn't seem to be happy, since of course it's its own default route. My first pass rules in the pf.conf file are:

    pass out quick on $leased_line_if route-to $adsl_if from \
        $adsl_ip_addr to any
    pass quick on $adsl_if from any to any keep state

If I change the first line to:

    ..route-to ($adsl_if $adsl_ip_addr) from...

it still doesn't work. None of my NAT rules have a 'pass' in them, so I think the route-to rule should be being evaluated, although ``pfctl -vs rules'' gives:

    [ Evaluations: 350 Packets: 0 Bytes: 0 States: 0 ]

for the route-to rules.

I'm sure I'm missing something obvious - any takers?

Thanks,

Oliver.

--
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444

E-mails received are assumed to be for my attention, to do with as I wish. No responsibility is accepted if communications are sent to me in error. This disclaimer has as much legal status as yours.
