Re: adding a new subnet to my firewall

2003-01-13 Thread Daniel Hartmeier
On Mon, Jan 13, 2003 at 03:11:36PM -, Dan Heaver wrote:

> In order to use these for NAT I obviously need to bind the addresses to our
> firewall's external interface...
> They do however need a different gateway address, where do I specify this ?
> is it something in my hostname.rl1 file ?

OpenBSD itself does not support multiple default gateways. Incoming
packets on the new link will arrive fine without any routing table
additions, but outgoing packets to external hosts (even replies to
connections arriving through the new uplink) will only go through the
default gateway (through the old uplink).

You can use pf to route through interfaces explicitly:

  a) have nat use both external addresses with round-robin on
 connection level (this requires -current)
  b) make replies of incoming connections on the second interface
 go out through there again
  c) route outgoing connections selectively, based on some criteria
 (source/destination address, protocol, ports)

You can add explicit routing table entries for external hosts without
pf, but you can add only one default gateway. If you want to use the second
uplink only for a limited set of peers, the routing table will work,
otherwise you might want to use pf to spread the outgoing packets
for arbitrary destinations across the two uplinks.

Daniel
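The three pf approaches Daniel lists, written out as pf.conf rules. This is an added example, not part of Daniel's message or of the pf project's documentation. The interface names (fxp0 for the LAN, rl0 for the existing uplink, rl1 for the new one from the question), the 192.0.2.0/24 and 198.51.100.0/24 uplink prefixes, the gateway addresses and the LAN prefix are all assumed placeholders, and the syntax is the route-to/reply-to form of pf from the OpenBSD 3.2/3.3 era with explicit keep state; the round-robin address pool in (a) is the part Daniel says needs -current.

```conf
# Added example, not from the original thread. Every name and address
# below is an assumption; replace with the real interfaces and prefixes.
int_if  = "fxp0"            # internal LAN side
ext_if1 = "rl0"             # old uplink, owner of the one default route
ext_if2 = "rl1"             # new uplink; its gateway is never in the routing table
ext_gw1 = "192.0.2.1"       # gateway on the old uplink
ext_gw2 = "198.51.100.1"    # gateway on the new uplink
ext_ad1 = "192.0.2.10"      # our address on the old uplink
ext_ad2 = "198.51.100.10"   # our address on the new uplink (bound on rl1)
lan_net = "10.0.0.0/24"

# Translate per uplink, so a packet leaving rl1 never carries the rl0
# address (the new provider would most likely drop it as spoofed).
nat on $ext_if1 from $lan_net to any -> $ext_ad1
nat on $ext_if2 from $lan_net to any -> $ext_ad2

# (b) Replies to connections arriving on the new uplink leave through it
# again instead of following the default route out rl0. reply-to needs
# state: the state entry remembers the interface/gateway for the replies.
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp \
    from any to $ext_ad2 port { 25, 80 } flags S/SA keep state

# (a) Spread forwarded LAN connections over both uplinks, one connection
# at a time. The address-pool/round-robin syntax is the -current feature.
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    from $lan_net to any keep state

# (c) Selective policy routing: pf is last-match, so this more specific
# rule, placed after (a), wins for outbound SMTP and pins it to rl1.
pass in on $int_if route-to ($ext_if2 $ext_gw2) proto tcp \
    from $lan_net to any port 25 flags S/SA keep state

# Safety net: if the routing table would push a packet carrying one
# uplink's address out the other uplink, hand it to the matching gateway.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_ad2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_ad1 to any
```

Two caveats worth checking before relying on this. The route-to rules on $int_if only affect traffic that passes in on that interface, i.e. forwarded LAN traffic; connections the firewall itself originates never "pass in" anywhere and still follow the single default route, so they need their own `pass out on $ext_if1 route-to ...` rule if they should use rl1. And because pf is last-match, the order of (a) and (c) matters: swap them and the round-robin rule silently takes the SMTP traffic back.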




RE: adding a new subnet to my firewall

2003-01-13 Thread Dan Heaver
Eek, that should keep me busy for a while :-~



This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
