I have done it this way, but still have some problems:
        10.1.1.1 (M)
      |---gw1 ----- |
LAN --|    |        | - WAN
      |---gw2 ----- |
        (10.1.1.1) (B)
gw2 just has a backup carp interface.
gw1 is carp master with 10.1.1.1.
NAT is running on both gateways, with IP addresses ending in 4 and 5.
gw1 and gw2 are interconnected through a third NIC with a 192.168.0.0/24 IP
range ($i_if) (ending in 1 and 2).
My pf.conf is the following:
- gw1
nat on $ext_if inet from 10.0.0.0/8 to any -> xxx.xxx.xxx.4
pass in quick inet proto carp
pass in on $int_if route-to { ($ext_if xxx.xxx.xxx.2) , ($i_if 192.168.0.2) } \
    round-robin sticky-address inet from 10.0.0.0/8 to any keep state
- gw2
nat on $ext_if inet from 10.0.0.0 to any -> xxx.xxx.xxx.5
I've tested route-to with each of the next hops sitting alone (i.e.
just with the first one and with the second one) and it worked well.
When I run it with this config, things start working well and after
some time the connection hangs. If I wait for some time it starts working
again.
Any clue?
Lucas
Karl O. Pinc wrote:
On 09/21/2005 10:19:42 PM, Lucas wrote:
I tried with it, but it works if I have a machine in the middle.
Like this:
GW2
LAN ----- obsd (load balancer with route-to) ------ GW1 -------- WAN
GW3
I want something to work in this scenario:
GW2
LAN ---------------- GW1 ------------------ WAN
GW3
Can route-to do the work in this case?
I take it back, you could put two networks on the link
between GW1 and WAN, and then use route-to. However,
you would not truly be able to secure GW2 and GW3.
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein