hi

after a while and some stress with my new router hardware,
I'm back on my playground, rdomain as an additional security "feature".

I now use vether0 with an IP as default gateway for my rdomain 0.
In pf there exist some outbound rules for separate DNS queries, depending on the line providers.

I have 2 private lines from 2 different providers, one ADSL, one cable,
both in separate rdomains, one kernel pppoe, one with dhcp to get the dynamic IPs.

So some rules. Most of it looks fine.

Some trouble I have due to the setup was to set up the default gw by mygate (for reboot).
This is not possible, depending on the cable setup with the dhcp client.
netstart doesn't care about rdomain in this case.
You have to set up the default gw by rc.local.

It is possible to modify netstart so that the script checks, for example, rdomain in the hostname.if and sets the "mygate".

Like: if hostname.if contains rdomain and dhcp, then set mygate?

Holger

> On Tue, Oct 06, 2015 at 08:58:24AM +0200, Holger Glaess wrote:
>> hi
>>
>> > On Tue, Oct 06, 2015 at 06:49:29AM +0200, Holger Glaess wrote:
>> >> hi
>> >>
>> >> just a simple question
>> >>
>> >> how can i set up a kind of "default route" in rdomain 0
>> >> to, for example, rdomain 2.
>> >>
>> >> i have 3 rdomains
>> >>
>> >> the default one
>> >> one with the internet connection ( rdomain 1 )
>> >> one for my wlan ( rdomain 2 )
>> >>
>> >> the routing between wlan to internet is still working ( test "route -n -T 2 exec ping 8.8.8.8" ),
>> >> but if the wlan client uses my local ( forward ) dns server in rdomain 0
>> >> he didn't get an answer, as a result that the dns server can not reach
>> >> any external dns server.
>> >
>> > You need to use pf to move packets between rdomains. Look for the rtable
>> > keyword.
>> >
>>
>> i tried something like that for rdomain 0 ( lan_if )
>>
>> pass out on lan_if from any to any rtable 2 ( internet ) nat-to (pppoe0)
>> or
>> pass out rdomain from any to any rtable 2 nat-to (pppoe0)
>>
>> same with "in" because a simple ping to 8.8.8.8 in ( or on ? ) rdomain 0
>> ( direct on the router ) is not working.
>>
>> there is no default route at rdomain 0
>>
>
> You are going to need a default route (can point to loopback) because routing
> decisions are done before pf can move the packet.
>
> --
> :wq Claudio