j knight wrote:
> Bernd Bednarz wrote:
>
>> Hello,
>>
>> nat on $pppoe1 from $supp_net to any -> ($pppoe1)
>> nat on $pppoe2 from $supp_net to any -> ($pppoe2)
>> rdr on $pppoe2 proto tcp from any to $pppoe2 port 80 -> 10.30.70.43 port 80
>> pass in on $pppoe2 reply-to ($pppoe2 $gw2) proto tcp from any to $pppoe2 port 80 keep state
>>
>> I hope you mean this.
>>
>> Sorry, I don't read the things about reply-to and keep state.
>>
>> However, it still doesn't work, or did I misunderstand you?
>
> No, that's pretty much what I meant. You'll need to provide some more
> info now... such as your _complete_ ruleset, tcpdump outputs, etc.
>
> .joel
Hi,

my pf.conf which I'm using for the test.

-snip-
pppoe1="tun0"
pppoe2="tun1"
gw1="217.0.116.68"
gw2="217.0.116.67"
supp_net="10.30.70.0/24"
admin_net="10.30.20.0/24"

# optimize
set loginterface $pppoe1
set optimization aggressive

nat on $pppoe1 from $supp_net to any -> ($pppoe1)
nat on $pppoe1 from $admin_net to any -> ($pppoe1)
nat on $pppoe2 from $supp_net to any -> ($pppoe2)
nat on $pppoe2 from $admin_net to any -> ($pppoe2)

rdr on $pppoe2 proto tcp from any to $pppoe2 port 80 -> 10.30.70.43 port 80
pass in on $pppoe2 reply-to ($pppoe2 $gw2) proto tcp from any to $pppoe2 port 80 keep state
-snap-

--- tcpdump from tun1 (the interface on which the input comes)

router ~ $ tcpdump -ni tun1 port 80 and host 81.209.165.28
tcpdump: listening on tun1, link-type LOOP
11:55:40.099544 81.209.165.28.52486 > 84.158.142.59.80: S 1155228679:1155228679(0) win 5840 <mss 1452,sackOK,timestamp 472436333 0,nop,wscale 0> (DF)
11:55:43.099268 81.209.165.28.52486 > 84.158.142.59.80: S 1155228679:1155228679(0) win 5840 <mss 1452,sackOK,timestamp 472436633 0,nop,wscale 0> (DF)

--- tcpdump from tun0 (default gateway)

router ~ $ tcpdump -ni tun0 port 80 and host 81.209.165.28
tcpdump: listening on tun0, link-type LOOP
11:55:40.099991 84.158.142.59.80 > 81.209.165.28.52486: R 0:0(0) ack 1155228680 win 0 (DF)
11:55:43.099517 84.158.142.59.80 > 81.209.165.28.52486: R 0:0(0) ack 1 win 0 (DF)

router ~ $ sysctl -a | grep source
net.inet.ip.sourceroute=1

router ~ $ uname -a
OpenBSD router.1ls.sales.hbedv.com 3.7 GENERIC#0 i386 OpenBSD 3.7-stable (rebuild from source)

Do you need more information?
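The two captures above show the symptom the thread is chasing: the SYN arrives on tun1, but the reply leaves via tun0, the default gateway, instead of going back out the interface named in the reply-to rule. The script below is an added example (not code from the thread or from OpenBSD) that checks for exactly that condition: it parses tcpdump lines tagged with the interface they were captured on, groups them into flows, and reports any flow whose replies left on a different interface than the request arrived on. The sample capture is constructed from the four lines posted above; the regular expression assumes tcpdump's classic `src.port > dst.port: FLAGS` text format as shown in the thread.

```python
import re

# Constructed sample: the four packets from the thread's two tcpdump runs,
# each tagged with the interface it was captured on.
CAPTURE = [
    ("tun1", "11:55:40.099544 81.209.165.28.52486 > 84.158.142.59.80: S 1155228679:1155228679(0) win 5840 <mss 1452,sackOK,timestamp 472436333 0,nop,wscale 0> (DF)"),
    ("tun0", "11:55:40.099991 84.158.142.59.80 > 81.209.165.28.52486: R 0:0(0) ack 1155228680 win 0 (DF)"),
    ("tun1", "11:55:43.099268 81.209.165.28.52486 > 84.158.142.59.80: S 1155228679:1155228679(0) win 5840 <mss 1452,sackOK,timestamp 472436633 0,nop,wscale 0> (DF)"),
    ("tun0", "11:55:43.099517 84.158.142.59.80 > 81.209.165.28.52486: R 0:0(0) ack 1 win 0 (DF)"),
]

# Matches "HH:MM:SS.usec a.b.c.d.port > a.b.c.d.port: FLAGS ..." (classic tcpdump text output).
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<flags>[SRFP.]+)"
)


def parse_line(line):
    """Parse one tcpdump line into a dict, or return None if it is not a TCP packet line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"] = int(pkt["sport"])
    pkt["dport"] = int(pkt["dport"])
    return pkt


def flow_key(pkt):
    """Direction-independent key so a request and its reply land in the same flow."""
    endpoints = [(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])]
    return tuple(sorted(endpoints))


def find_asymmetric_flows(capture):
    """Return {flow_key: (ingress_ifaces, egress_ifaces)} for every flow whose
    replies were seen on an interface other than the one the request arrived on.

    The initiator of a flow is the source of its first SYN; packets from the
    initiator count as ingress, packets towards it count as egress.
    """
    flows = {}
    for iface, line in capture:
        pkt = parse_line(line)
        if pkt is None:
            continue
        flow = flows.setdefault(flow_key(pkt), {"initiator": None, "in": set(), "out": set()})
        if flow["initiator"] is None:
            if pkt["flags"] != "S":
                continue  # mid-stream packet before any SYN: direction unknown, skip it
            flow["initiator"] = (pkt["src"], pkt["sport"])
        if (pkt["src"], pkt["sport"]) == flow["initiator"]:
            flow["in"].add(iface)
        else:
            flow["out"].add(iface)
    return {
        key: (f["in"], f["out"])
        for key, f in flows.items()
        if f["in"] and f["out"] and f["in"] != f["out"]
    }


if __name__ == "__main__":
    for key, (ingress, egress) in find_asymmetric_flows(CAPTURE).items():
        (a_ip, a_port), (b_ip, b_port) = key
        print(f"{a_ip}:{a_port} <-> {b_ip}:{b_port}: request in on {sorted(ingress)}, reply out on {sorted(egress)}")
```

Run on the posted captures it reports the single flow 81.209.165.28:52486 <-> 84.158.142.59:80 with the request on tun1 and the reply on tun0. When a reply-to rule is working, the reply shows up on the same interface as the request and the flow is not listed; a flow that is listed is where to look at the state table (`pfctl -ss`) to see whether the pass rule that carries reply-to actually created the state.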
