Andrea Venturoli wrote:
> Artyom Viklenko wrote:
>> You have to enforce symmetrical routing on your FreeBSD box.
>> You can use, for example, PF firewall using such options and features
>> as labels and route-to/reply-to statements.
>> Also it is possible with ipfw, but I prefer PF. :)
>
> Thanks, this is interesting. However I failed to understand what you
> mean exactly.
> Do you have any pointer to a document that explains this?
> I searched in PF's and ipfw's manual, but found nothing that I could
> relate to this.
> Also, I'm right now using ipfw...
>
> bye & Thanks
> av.

Very brief example (just to show main idea).

Assume you have three interfaces in router: fxp0 - lan, fxp1 - adsl1, fxp2 - adsl2.

fxp0 - 192.168.0.1, fxp1 - 192.168.1.2, fxp2 - 192.168.2.2
adsl1 - 192.168.1.1, adsl2 - 192.168.2.1

server="192.168.0.2"
adsl1="192.168.1.1"
adsl2="192.168.2.1"

# tag each connection with the ADSL line it arrived on
pass in on fxp1 inet from any to $server keep state tag ADSL1
pass in on fxp2 inet from any to $server keep state tag ADSL2

# send the server's replies back out via that same line
pass out on fxp0 reply-to (fxp1 $adsl1) from any to $server tagged ADSL1 keep state
pass out on fxp0 reply-to (fxp2 $adsl2) from any to $server tagged ADSL2 keep state

This is just part of whole rulebase regarding your problem.

Packets coming in via adsl1 will pass and get tagged by ADSL1 tag. Also, state
will be created. Then packet will pass out to server, state will be created, and all
replies from server will be forwarded back via adsl1.
Same for traffic from adsl2.

Also, see OpenBSD PF FAQ.

Hope this helps.

--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
[EMAIL PROTECTED] | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org
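
A small Python model of the tag / state / reply-to logic in the rules above, added here as an illustration; it is not part of the original message and not how PF is implemented. It assumes the router's default route points at adsl1 and uses a constructed client address, and it shows where the server's reply leaves with and without reply-to.

```python
# Toy model of the four pf rules above; an illustration, not PF's real engine.
SERVER = "192.168.0.2"
TAG_BY_IF = {"fxp1": "ADSL1", "fxp2": "ADSL2"}            # pass in ... tag
REPLY_TO = {"ADSL1": ("fxp1", "192.168.1.1"),             # pass out ... reply-to
            "ADSL2": ("fxp2", "192.168.2.1")}
DEFAULT_ROUTE = ("fxp1", "192.168.1.1")   # assumption: default route via adsl1


class Router:
    def __init__(self, use_reply_to):
        self.use_reply_to = use_reply_to
        self.states = {}   # (client, cport, server, sport) -> reply-to target or None

    def inbound(self, in_if, src, sport, dst, dport):
        """Client packet arriving on an ADSL interface and forwarded to the server."""
        tag = TAG_BY_IF.get(in_if)
        if tag is None or dst != SERVER:
            return False                      # not matched by the example rules
        target = REPLY_TO[tag] if self.use_reply_to else None
        self.states[(src, sport, dst, dport)] = target
        return True

    def reply(self, src, sport, dst, dport):
        """Server reply arriving on fxp0; returns (out_if, next_hop) or None."""
        key = (dst, dport, src, sport)        # reverse direction of the state
        if key not in self.states:
            return None                       # no state, so no reply-to to apply
        return self.states[key] or DEFAULT_ROUTE


def path_of_reply(use_reply_to, in_if):
    """Send one constructed connection in via in_if and return the reply's exit."""
    client = ("203.0.113.10", 40000)          # constructed sample client
    r = Router(use_reply_to)
    r.inbound(in_if, client[0], client[1], SERVER, 80)
    return r.reply(SERVER, 80, client[0], client[1])


if __name__ == "__main__":
    for mode in (False, True):
        for line in ("fxp1", "fxp2"):
            print(f"reply-to={mode!s:5} in={line} -> reply leaves via {path_of_reply(mode, line)}")
```

Without reply-to, a connection that arrived via adsl2 gets its reply sent out through adsl1 (the assumed default route), which is the asymmetric path the rules are meant to prevent.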
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net