Hi, after reading the pf docs it is not clear to me how to configure
the firewall to route the traffic back to the gateway directly connected
to the incoming interface of the packet, something like this:
       ISP A                     ISP B
    200.13.32.1               216.21.40.1
         |                         |
         |                         |
    _____|_________________________|_____
   |                                     |
   |    gem0                   gem1      |
   |  200.13.32.2           216.21.40.2  |
   |_____________________________________|
I want the following:
- I will configure a web service listening on interface gem0 and an smtp
service listening on interface gem1.
- I don't want load balancing: if the firewall receives a web request on
the gem0 interface, it will send the packet back to the gem0 interface,
using 200.13.32.2 for the outgoing ip,
and the same with the smtp service, using gem1 and 216.21.40.2 for the
outgoing interface and ip.
- additionally, 200.13.32.2 and 216.21.40.2 are carp addresses, not the
real ip addresses configured on the interfaces.
I have tried this without success:

pass in on gem0 proto tcp from any to 200.13.32.2 port 80 flags S/SA keep state
pass in on gem1 proto tcp from any to 216.21.40.2 port 25 flags S/SA keep state
pass out on gem0 route-to (gem1 216.21.40.1) from gem1 to any
pass out on gem1 route-to (gem0 216.21.40.1) from gem0 to any

The firewall always sends the packet through gem1.
I have 216.21.40.2 in /etc/mygate.
Can someone point me to another good doc on the subject or explain my
mistakes?
thanks
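One way to get the behaviour asked for above is pf's reply-to option: it is attached to the inbound rule, so the state created for the request remembers the gateway and the replies are sent back through the interface they arrived on, with no route-to needed on the outbound side. This is an added example, not the poster's configuration; it reuses the addresses from the post and assumes the older "(interface address)" syntax the post uses (recent OpenBSD releases take only the gateway address after reply-to).

```pf
# Added example: pf.conf fragment for the two-ISP setup in the post.
# reply-to records the gateway in the state created by the inbound rule,
# so return traffic for each service leaves via the ISP it came in from.
ext_a  = "gem0"
ext_b  = "gem1"
gw_a   = "200.13.32.1"     # ISP A gateway, directly attached to gem0
gw_b   = "216.21.40.1"     # ISP B gateway, directly attached to gem1
carp_a = "200.13.32.2"     # CARP address answered on gem0
carp_b = "216.21.40.2"     # CARP address answered on gem1

# Web service: request arrives on gem0 for the CARP address;
# replies for this state go to ISP A's gateway out of gem0.
pass in on $ext_a reply-to ($ext_a $gw_a) proto tcp \
    from any to $carp_a port 80 flags S/SA keep state

# SMTP service: request arrives on gem1 for the CARP address;
# replies for this state go to ISP B's gateway out of gem1.
pass in on $ext_b reply-to ($ext_b $gw_b) proto tcp \
    from any to $carp_b port 25 flags S/SA keep state

# Replies match the state above and are passed and routed by it, so no
# "pass out ... route-to" rule is required for them.

# If you block by default, CARP itself must still be allowed between the
# cluster members or the CARP addresses will fail over unexpectedly.
pass on { $ext_a $ext_b } proto carp
```

Note that the original "pass out on gem0 ... from gem1" rules match on the addresses configured on the physical interface, while the replies are sourced from the CARP address, so those rules never matched and the packets fell through to the default route via 216.21.40.1.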