Hello!

I have a small problem with a dual-homed gateway. Below is the tail of pf.ctl:
ext_if_a        = "xl0"
ext_if_b        = "xl0"
ext_gw_a        = "aaa.bbb.ccc.ddd"
ext_gw_b        = "zzz.xxx.ccc.vvv"

pass out route-to ($ext_if_a $ext_gw_a) from ($ext_if_a) \
       to !($ext_if_a:network) keep state
pass out route-to ($ext_if_b $ext_gw_b) from ($ext_if_b) \
       to !($ext_if_b:network) keep state

pass in reply-to ($ext_if_a $ext_gw_a) proto tcp flags S/SA tagged EXT_IF_A \
       keep state
pass in reply-to ($ext_if_b $ext_gw_b) proto tcp flags S/SA tagged EXT_IF_B \
       keep state

pass in reply-to ($ext_if_a $ext_gw_a) proto udp tagged EXT_IF_A \
       keep state
pass in reply-to ($ext_if_b $ext_gw_b) proto udp tagged EXT_IF_B \
       keep state


pass in on $ext_if_a reply-to ($ext_if_a $ext_gw_a) inet proto icmp \
       icmp-type echoreq code 0 keep state
pass in on $ext_if_a inet proto icmp from ($ext_if_a:network) \
       icmp-type echoreq code 0 keep state

pass in on $ext_if_b reply-to ($ext_if_b $ext_gw_b) inet proto icmp \
       icmp-type echoreq code 0 keep state
pass in on $ext_if_b inet proto icmp from ($ext_if_b:network) \
       icmp-type echoreq code 0 keep state

We attach both providers' cables into one AT-8024 switch with the same VLAN outlets.
So, I configured my interface on the gateway with one IP address and one
alias address.
This host is working fine in both networks.

Then, I need to separate the IP flow from the internal network. The internal
network also has two small TCP networks (/29), and one IP and an alias
on every machine.

When I ping <internal machine> from external hosts, all goes fine.
When I try to telnet <internal machine> 22, I get connection timed out.
But I see the packets on the external interface of my gateway.
Where am I wrong?


--
Thank you.
Vladimir. Y. Plotnikov
http://www.smartwebco.com/
