Hi,
This is probably a terrible newbie-question, but I can't seem to figure
this one out.
I have a setup with an internal lan (fxp0: 192.168.73.0/24) and 2 uplinks:
* de1, dhcp, has the default route.
* pppoe0, fixed ip + /29 routed to it, has 4 fixed routes routed over it.
My problem is that when I ping either the fixed ip or one of the ips in
the /29 from an ip which is not in the prefixes in the routes configured
on the pppoe0 interface, the ping reply is being sent over the default
route, at which point that upstream drops the traffic.
Relevant files from my network config are below:
hostname.de1
------------
dhcp NONE NONE NONE
hostname.fxp0
-------------
inet 192.168.73.1 255.255.255.0 NONE
hostname.pppoe0
---------------
pppoedev rl0
!/sbin/ifconfig rl0 up
!/usr/sbin/spppcontrol \$if myauthproto=pap [EMAIL PROTECTED] myauthkey=password
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0xffffffff
!/sbin/route -qn add -net 83.143.242.0/24 0.0.0.1
!/sbin/route -qn add -net 83.217.64/19 0.0.0.1
!/sbin/route -qn add -net 86.39/16 0.0.0.1
!/sbin/route -qn add -net 217.22.48/20 0.0.0.1
up
hostname.rl0
------------
inet 192.168.100.3 255.255.255.0 NONE
pf.conf
-------
ext_if0="de1"
ext_if1="pppoe0"
ext_if1i="rl0"
int_if="fxp0"
int_rdsl_binat1="192.168.73.24/29"
ext_rdsl_binat1="83.217.95.104/29"
scrub out on $ext_if1 max-mss 1452
nat on $ext_if0 inet from $int_if:network to any -> ($ext_if0)
nat on $ext_if1 inet from $int_if:network to any -> ($ext_if1)
nat on $ext_if1i inet from 192.168.73.0/26 to any -> ($ext_if1)
binat on $ext_if1 from $int_rdsl_binat1 to any tag rdsl_binat1 -> $ext_rdsl_binat1
I tried to fix the issue with the fixed ip like this:
pass out quick route-to ($ext_if1 0.0.0.1) inet proto { tcp, udp, icmp } from ($ext_if1) to any keep state
This did route the reply traffic over the right interface, but I was
getting mysterious problems later (for sending big packets):
18:20:10.261712 83.217.93.5 > 83.217.93.5: icmp: 217.22.51.130 unreachable - need to frag (mtu 1200)
This is independent of the MTU, I tried lowering it (the line above has
1200, default is 1452, which does not make any difference).
I tried to fix the second problem like this, but this did not work at
all:
pass out quick route-to ($ext_if1 0.0.0.1) inet proto { tcp, udp, icmp } from any to any tagged rdsl_binat1 keep state
I would appreciate any help anyone could give me. I am subscribed to the
mailing list, so no need to CC me. ;)
kr,
Jan Van Buggenhout
--
------------------------------------------------------------------------
UNIX isn't dead - It just smells funny
[EMAIL PROTECTED]
------------------------------------------------------------------------
"Baldric, you wouldn't recognize a subtle plan if it painted itself pur-
ple and danced naked on a harpsicord singing 'subtle plans are here a-
gain'."
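
The behaviour described in the message above, as a small Python model added here (it is not part of the original post): the routing table picks the outgoing interface from the destination only, so replies to sources outside the four pppoe0 prefixes leave via de1, while binding the reply to the ingress interface (which is what pf's reply-to option does) keeps them on pppoe0. The routes come from hostname.pppoe0; the pinger 198.51.100.7, the host 83.217.95.105 inside the /29, and the StateTable class are constructed for illustration.

```python
import ipaddress

# Routes from the post: four prefixes over pppoe0, default route on de1.
ROUTES = [
    ("83.143.242.0/24", "pppoe0"),
    ("83.217.64.0/19", "pppoe0"),
    ("86.39.0.0/16", "pppoe0"),
    ("217.22.48.0/20", "pppoe0"),
    ("0.0.0.0/0", "de1"),
]
TABLE = [(ipaddress.ip_network(net), ifc) for net, ifc in ROUTES]


def route_lookup(dst):
    """Routing table behaviour: longest-prefix match on the destination only."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, ifc) for net, ifc in TABLE if addr in net]
    return max(matches)[1]


class StateTable:
    """Toy model (an assumption, not pf itself) of state with reply-to binding."""

    def __init__(self, reply_to=False):
        self.reply_to = reply_to
        self.states = {}  # (remote, local) -> interface the request arrived on

    def inbound(self, src, dst, in_if):
        self.states[(src, dst)] = in_if

    def reply_interface(self, local, remote):
        in_if = self.states.get((remote, local))
        if self.reply_to and in_if is not None:
            return in_if  # reply pinned to the interface the request came in on
        return route_lookup(remote)  # otherwise the routing table decides


def demo(reply_to):
    """Ping from a constructed outside address to a host in the routed /29."""
    table = StateTable(reply_to=reply_to)
    table.inbound("198.51.100.7", "83.217.95.105", "pppoe0")
    return table.reply_interface("83.217.95.105", "198.51.100.7")


if __name__ == "__main__":
    print("without reply binding:", demo(False))
    print("with reply binding:   ", demo(True))
```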