On Saturday 10 September 2005 21:10, KOUADIO Thiodore KOUASSI wrote:
> I have a serious problem with my internet connexion.
> I have two lines of connexion with internet
> 1----213.X.X.X
> and 196.X.X.X

If I understand you correctly, you have two net connections on separate 
netblocks (probably via different providers) to give you some redundancy.

With two connections, you can set up a connection pool with pf, and write a 
script such that you get automatic failover to one connection or the other if 
one of the connections fails (how you implement that will depend on how your 
connection is set up).

Do not set up a default gateway, instead do all the routing with 'pf' (I'm 
also assuming that at least one of your OpenBSD systems is being used as a 
firewall/router, and is connected to both of these Internet connections).

The manual page for 'pf' has details on how to do this. You'll need a rule 
that looks something like this:

pass in on $int_if route-to { ( $ext_if1 $ext_gw1 ) ( $ext_if2 $ext_gw2 ) } round-robin keep state

If you are using rdr rules to allow some traffic in, you will need to use 
packet tagging so the reply packets go out only through the interface they 
came in on (because otherwise it won't work, because the above rule may not 
route the reply packet out the right interface) and of course set up the 
appropriate egress rule to force the tagged packets to go out the interface 
the inbound packet came in on.
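
A sketch of the failover script mentioned above, as an added example that is not part of the original message: it probes each uplink's gateway and regenerates the route-to rule, in the form shown in the message, from the uplinks that answer. The interface names, the documentation-range gateway addresses and the anchor name "uplinks" are assumptions, and a gateway ping only proves the first hop is alive.

```shell
#!/bin/sh
# Added example: all names and addresses below are constructed placeholders.
INT_IF="fxp0"            # internal interface (assumption)
ANCHOR="uplinks"         # assumes pf.conf contains: anchor "uplinks"
# One uplink per line: "<external interface> <gateway address>"
UPLINKS="em0 192.0.2.1
em1 198.51.100.1"

# Returns 0 when the gateway answers one ICMP echo within 2 seconds.
probe() {
    ping -c 1 -w 2 "$1" >/dev/null 2>&1 </dev/null
}

# Prints the route-to rule for the reachable uplinks.
# Returns 1 (and prints nothing) when no uplink is reachable.
build_rule() {
    pool=""
    while read -r ifname gw; do
        [ -n "$ifname" ] || continue
        if probe "$gw"; then
            pool="$pool ( $ifname $gw )"
        fi
    done <<EOF
$UPLINKS
EOF
    [ -n "$pool" ] || return 1
    printf 'pass in on %s route-to {%s } round-robin keep state\n' \
        "$INT_IF" "$pool"
}

# Loads the generated rule into the anchor; with every uplink down the
# rules already loaded are left alone instead of being replaced by nothing.
apply() {
    rule=$(build_rule) || {
        echo "no uplink reachable; ruleset left unchanged" >&2
        return 1
    }
    printf '%s\n' "$rule" | pfctl -a "$ANCHOR" -f -
}

# Run as "script apply" (from cron, for example) to probe and reload.
if [ "${1:-}" = "apply" ]; then
    apply
fi
```

States created through an uplink that has since failed stay bound to it until they expire or are flushed, so existing connections do not move when the rule is regenerated.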
