Thanks Stuart!
On 3/28/23 16:19, Stuart Henderson wrote:
> On 2023-03-28, Kaya Saman <kayasa...@gmail.com> wrote:
>> On my WAN vlan for what I am going to call ISP-B, as ISP-A is existing
>> for a long time. What I'm trying to do right now is set this as a
>> default gateway for a particular subnet.
>
> There's no such thing as "default gateway for a subnet".
>
> One way to do what you want is with PF "route-to" rules applying only
> to packets with a source address in the subnet of interest (and likewise
> for "reply-to" to handle incoming connections, maybe in conjunction with
> rdr-to). This is a little messier config, but if the old setup will be
> going away after not too long, it might be easier to handle.
>
> Another way is to use multiple route tables (put the relevant interfaces
> in a different rdomain, e.g. "rdomain 2" in the hostname.if files, and
> use "-T 2" when adding routes relating to that). This is cleaner/simpler
> in some ways, though it can also be more tricky if you're running any
> services on the router itself (you may need to run a second instance
> bound to the second rdomain).

My mind has Cisco Route-Map pre-programmed in I think :-(

I am looking at rdomains now, which might be the solution.

In addition to the OpenBSD FAQ and MAN pages I found this website too:
https://unfriendlygrinch.info/posts/openbsd-routing-tables-and-routing-domains/
of course taking it with a pinch of salt as the content hosted on
openbsd.org is the correct one ;-)

Also going through this:
https://www.openbsd.org/papers/bsdcan2015-rdomains.pdf - I know an old
paper and probably much has changed in the meantime.

Anyway, what I am trying to figure out is how to NAT the rdomains?

At the moment from what I understand one has to put "rtable (n)" at the
end of the NAT rule... checking with pfctl -ss |grep x.x.x.x does not
show any NAT translations unfortunately.

The rule in use is this one:

match out on $gnet_if from $vpn_net1 nat-to {$wan_gnet} rtable 2

I'm a little bit stuck here. I even tried replacing the $gnet_if with
"rdomain 2" but that didn't seem to work either.

Guess I've got more reading to do....

>> https://misc.openbsd.narkive.com/lCGUlP2Q/two-default-route
>> I think the above was more to do with using 2x default routes in a
>> multipath setup rather than simply trying to get one particular subnet
>> to use another ISP specifically.
>
> multipath is not what you're looking for here.
>
>> Also one last note: I'm not using the /etc/mygate at all.... it was my
>> understanding that when building a router you didn't need it and
>> certainly for now I have never needed it with the VDSL2 link from ISP-A.
>
> that's ok, your default route is over pppoe which you can't do via /etc/mygate.
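As an added illustration (not from the thread, and not OpenBSD's own documentation), here is what the two approaches described above look like in pf.conf, reusing the macros from the rule quoted in the message. The interface names, addresses, the `<local_nets>` table and the choice of rtable/rdomain 2 are assumptions for the example; the `route-to`/`reply-to` syntax is the next-hop-only form used by current OpenBSD releases (older releases wrote `route-to ($gnet_if $gnet_gw)`).

```pf
# Macros and table: constructed values, adjust to the real interfaces/addresses.
lan_if   = "vlan10"        # inside interface that carries $vpn_net1
gnet_if  = "vlan20"        # WAN vlan towards ISP-B
gnet_gw  = "192.0.2.1"     # ISP-B's next hop
vpn_net1 = "10.0.1.0/24"   # the subnet that should leave via ISP-B
wan_gnet = "192.0.2.10"    # our own address on the ISP-B side
table <local_nets> const { 10.0.0.0/8, 192.168.0.0/16 }

# Option 1: policy routing with route-to, everything in one routing table.
# Traffic sourced from $vpn_net1 and not destined to a local network is handed
# to ISP-B's gateway regardless of the default route; NAT is a separate
# "match out" rule on the ISP-B interface, with no rtable keyword needed.
pass in on $lan_if inet from $vpn_net1 to !<local_nets> route-to $gnet_gw
match out on $gnet_if inet from $vpn_net1 nat-to $wan_gnet

# Inbound connections arriving over ISP-B must be answered over ISP-B too,
# otherwise the replies would follow the default route out via ISP-A.
pass in on $gnet_if inet proto tcp to $wan_gnet port 22 \
    rdr-to 10.0.1.5 reply-to $gnet_gw

# Option 2: $gnet_if is in rdomain 2 ("rdomain 2" in hostname.vlan20, default
# route added with "route -T 2 add default 192.0.2.1").
# The rtable option only takes effect before the routing lookup, i.e. on
# inbound rules (pf.conf(5)), so it belongs on the "pass in" rule that moves
# the packet into rdomain 2, not on the "match out ... nat-to" rule.  NAT then
# happens as the packet leaves $gnet_if inside rdomain 2, and pf routes the
# replies back into rdomain 0 via the state.
pass in on $lan_if inet from $vpn_net1 to !<local_nets> rtable 2
match out on $gnet_if inet from $vpn_net1 nat-to $wan_gnet
```

After loading either variant, `pfctl -ss` should show states for $vpn_net1 hosts with $wan_gnet as the translated source once traffic flows.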