On 11/30/18 8:31 PM, Chris Bennett wrote:
> I'm just curious. Is there a default method to select on this? Random?
> Can I control this somehow?
> It's clear how everything else selects IP, but I just wanted to know in
> case that ever mattered, say one of my IPs were blocked.
> And I wanted to be sure which IP outbound is or is not used for running
> something like lynx, etc.
> Not terribly important, but at least an interesting question for me.
> Thanks,
> Chris Bennett
If you say 'outbound IP', I am guessing you mean your WAN-facing public address.
There are several ways to do this....
The first would be to use a NAT Pool. This would effectively pop all
your public addresses into a selectable group:
e.g. { 1.1.1.1 , 2.2.2.2 , 3.3.3.3 , 4.4.4.4 }
Depending on the pool configuration, i.e. if there was any weighting put
on for IP selection, or it would simply use a round-robin type of selection.
https://www.openbsd.org/faq/pf/nat.html
https://www.openbsd.org/faq/pf/example1.html
Another method would be to set up a static route. So in the above example
with NAT pool you could simply say something like:
IP 172.16.40.52 -> 1.1.1.1
So your PF rule would then be something like:
match out on $ext_if from 172.16.40.52 to any nat-to {1.1.1.1}
The weighted option or a load balanced option would have something like
this:
https://www.openbsd.org/faq/pf/pools.html
Regards,
Kaya
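
The two approaches from the reply above, combined in one pf.conf fragment. This is an added example, not part of the original message; the interface name, the internal network and the 198.51.100.x documentation addresses are constructed placeholders, and only 172.16.40.52 comes from the thread.

```conf
# Added example: pinned outbound address for one host, pool for the rest.
# Assumed values (not from the thread): em0, 172.16.40.0/24, 198.51.100.x.
ext_if = "em0"
lan_net = "172.16.40.0/24"
pinned_host = "172.16.40.52"

# One internal host always leaves from a single public address.
# "quick" ends rule evaluation here, so the pool rule below never
# applies to this host.
pass out quick on $ext_if inet from $pinned_host to any \
        nat-to 198.51.100.1

# All other internal hosts rotate through the remaining public addresses.
# sticky-address keeps a given internal source on the same public address
# for as long as it has states, so one client does not appear to remote
# sites under several addresses at once.
# If one public address gets blocked, delete it from this list and reload.
pass out on $ext_if inet from $lan_net to any \
        nat-to { 198.51.100.2, 198.51.100.3, 198.51.100.4 } \
        round-robin sticky-address
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -ss` lists the state table so you can see which public address each connection was actually translated to.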