multiple external links working .. (Solved)

S t i n g r a y Thu, 25 Jan 2007 09:09:13 -0800

Yes it was exactly this & thanks Soner Tari & Stuart Henderson for Helping me 
(newbie) in so detail that now finally i have succeeded in making  multiple 
external connection & serving them as one.
lush it feels so good ..


Thank you.
I owe you one.

p.s  is it possible to  have a 3rd internet connection join this ? :) 


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
              



----- Original Message ----
From:  <[EMAIL PROTECTED]>
To: S t i n g r a y <[EMAIL PROTECTED]>
Cc: openbsd <misc@openbsd.org>
Sent: Wednesday, January 24, 2007 12:53:40 AM
Subject: Re: multiple external links not working ..

Hi, I'm using two external interfaces myself, and I believe I had the
same problem you describe in your message. I bet when you do:

netstat -rnf inet | grep default

you will see that your (ext_if2 ext_gw2) comes on top. Thus, my theory
is that the kernel is preferring your second external interface due to
your routing table (i.e. the order of your default routes).

Since I don't know how to handle this in pf.conf for connections
originating from my firewall, such as an http proxy running on the
firewall, just as in your case too (otherwise route-to and reply-to work
fine), I change my routing table in rc files.

Specifically, I rearrange the order of my default routes to have my
first external interface/gateway on top:

route add default -ifp ext_if1 -mpath ext_gw1
route add default -ifp ext_if2 -mpath ext_gw2

Accordingly, I removed the similar shell commands in hostname.if(5)
files.

Hope this helps,

On Tue, 2007-01-23 at 08:36 -0800, S t i n g r a y wrote:
> Well thanks to everyone who help me coming close to using multiple external 
> links for internet.
> but its still not working, my scenario is that i have 2 ISP's connection  now 
> the main internet connection  is the powerful one which i only want  to use 
> for specific  protocols  which i have defined  in a macro called ports  now 
> rest is supposed to goto to my 2nd internet connection which is a weak & 
> cheap connection basically there to allow p2p applications access.
> Main internet is ext_if1 (xl0)
> slow internet is ext_if2 (xl2)
> LAN is int_if (xl1) 
> now the problem is that when ever i apply my pf.conf file all the traffic 
> goes to 2nd slow internet connection.
> 
> my pf.conf file
> lan_net = "10.0.0.0/16"
> int_if  = "xl1"
> ext_if1 = "xl0"
> ext_if2 = "xl2"
> ext_gw1 = "192.168.0.1"
> ext_gw2 = "203.81.235.1"
> chadd = "10.0.0.1"
> ports = " 22 25 53 80 110 119 123 143 443 465 554 900 995 1755 1863"
> table <allowedclients> persist file "/etc/allowedclients"
> 
> nat on $ext_if1 inet proto {tcp, udp } from <allowedclients> to any port \
> { $ports } -> ($ext_if1)
> nat on $ext_if2 inet proto {tcp, udp } from <allowedclients> to any \
>  -> ($ext_if2)
> 
> rdr on $int_if proto tcp from <allowedclients> to any port 80 -> $chadd port 
> 8080
> 
> pass out log on $int_if from any to $lan_net
> 
> pass in log quick on $int_if from $lan_net to $int_if
> pass in log on $int_if route-to { ($ext_if2 $ext_gw2) } from \
>     $lan_net to any flags S/SA keep state
> pass in log on $int_if route-to { ($ext_if1 $ext_gw1) } inet proto tcp from \
> $lan_net to any port {$ports} flags S/SA keep state
> 
> pass out log on $ext_if2 proto tcp from any to any flags S/SA modulate state
> pass out log on $ext_if2 proto { udp, icmp } from any to any keep state
> pass out log on $ext_if1 proto tcp from any to any flags S/SA modulate state  
> pass out log on $ext_if1 proto { udp, icmp } from any to any keep state
> 
> pass out log on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any 
> pass out log on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
> 
> this is what happens
> 
> bash-3.1# tcpdump -nettipflog0
> tcpdump: WARNING: pflog0: no IPv4 address assigned
> tcpdump: listening on pflog0, link-type PFLOG
> 1169566778.398818 rule 18/(match) pass out on xl2: 203.81.235.185.5698 > 
> 8.7.232.215.80: [|tcp] (DF)
> 1169566778.553623 rule 18/(match) pass out on xl2: 203.81.235.185.13550 > 
> 66.249.91.83.80: [|tcp] (DF)
> 1169566779.005110 rule 18/(match) pass out on xl2: 203.81.235.185.16245 > 
> 209.0.144.87.80: [|tcp] (DF)
> 1169566779.102642 rule 1/(match) pass in on xl1: 10.0.2.41.1601 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566779.105302 rule 18/(match) pass out on xl2: 203.81.235.185.5672 > 
> 216.143.70.77.80: [|tcp]
> 1169566779.167718 rule 1/(match) pass in on xl1: 10.0.1.24.2402 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566779.170640 rule 18/(match) pass out on xl2: 203.81.235.185.11598 > 
> 64.40.101.40.80: [|tcp] (DF)
> 1169566779.457058 rule 2/(match) pass in on xl1: 10.0.2.7.2328 > 
> 125.23.47.31.3460: [|tcp] (DF)
> 1169566779.457112 rule 21/(match) pass out on xl0: 10.0.2.7.2328 > 
> 125.23.47.31.3460: [|tcp] (DF)
> 1169566779.615288 rule 18/(match) pass out on xl2: 203.81.235.185.33595 > 
> 209.0.144.88.80: [|tcp] (DF)
> 1169566779.700708 rule 18/(match) pass out on xl2: 203.81.235.185.42575 > 
> 72.14.209.85.80: [|tcp] (DF)
> 1169566779.994302 rule 1/(match) pass in on xl1: 10.0.2.8.4265 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566780.005425 rule 18/(match) pass out on xl2: 203.81.235.185.31337 > 
> 72.14.209.86.80: [|tcp] (DF)
> 1169566780.174899 rule 18/(match) pass out on xl2: 203.81.235.185.27385 > 
> 8.2.96.67.80: [|tcp] (DF)
> 1169566780.475037 rule 2/(match) pass in on xl1: 10.0.1.19.138 > 
> 10.0.255.255.138: udp 201
> 1169566780.475089 rule 22/(match) pass out on xl0: 10.0.1.19.138 > 
> 10.0.255.255.138: udp 201
> 1169566780.652249 rule 18/(match) pass out on xl2: 203.81.235.185.44777 > 
> 8.7.232.215.80: [|tcp] (DF)
> 1169566780.884663 rule 1/(match) pass in on xl1: 10.0.2.8.4266 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566780.889225 rule 18/(match) pass out on xl2: 203.81.235.185.44736 > 
> 72.14.217.189.80: [|tcp] (DF)
> 1169566780.920559 rule 2/(match) pass in on xl1: 10.0.3.6.3273 > 
> 64.182.172.11.8585: [|tcp] (DF)
> 1169566780.920608 rule 21/(match) pass out on xl0: 10.0.3.6.3273 > 
> 64.182.172.11.8585: [|tcp] (DF)
> 1169566780.927934 rule 18/(match) pass out on xl2: 203.81.235.185.2945 > 
> 66.249.91.18.80: [|tcp] (DF)
> 1169566781.046297 rule 2/(match) pass in on xl1: 10.0.1.11.137 > 
> 10.0.255.255.137: udp 50
> 1169566781.046351 rule 22/(match) pass out on xl0: 10.0.1.11.137 > 
> 10.0.255.255.137: udp 50
> 1169566781.141521 rule 18/(match) pass out on xl2: 203.81.235.185.6110 > 
> 209.0.144.87.80: [|tcp] (DF)
> 1169566781.389933 rule 2/(match) pass in on xl1: 10.0.4.19.137 > 
> 10.0.255.255.137: udp 68
> 1169566781.390009 rule 22/(match) pass out on xl0: 10.0.4.19.137 > 
> 10.0.255.255.137: udp 68
> 1169566781.505436 rule 18/(match) pass out on xl2: 203.81.235.185.12893 > 
> 66.249.91.19.80: [|tcp] (DF)
> 1169566781.634241 rule 18/(match) pass out on xl2: 203.81.235.185.3396 > 
> 209.0.144.88.80: [|tcp] (DF)
> 1169566782.052176 rule 1/(match) pass in on xl1: 10.0.3.6.3274 > 
> 10.0.0.1.53:[|domain]
> 1169566782.145289 rule 17/(match) pass in on xl1: 10.0.1.44.1405 > 
> 64.4.37.22.1863: [|tcp] (DF)
> 1169566782.145340 rule 18/(match) pass out on xl2: 203.81.235.185.60189 > 
> 64.4.37.22.1863: [|tcp] (DF)
> 1169566782.286339 rule 1/(match) pass in on xl1: 10.0.1.32.1054 > 
> 10.0.0.1.53:[|domain]
> 1169566782.773519 rule 19/(match) pass out on xl2: 203.81.235.185.37174 > 
> 192.175.48.42.53:[|domain]
> 1169566783.227876 rule 18/(match) pass out on xl2: 203.81.235.185.12589 > 
> 66.230.155.6.80: [|tcp] (DF)
> 1169566783.565189 rule 1/(match) pass in on xl1: 10.0.2.41.1603 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566783.868916 rule 1/(match) pass in on xl1: 10.0.2.8.4267 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566783.873699 rule 18/(match) pass out on xl2: 203.81.235.185.31607 > 
> 72.14.217.189.80: [|tcp] (DF)
> 1169566783.939254 rule 18/(match) pass out on xl2: 203.81.235.185.3147 > 
> 66.249.91.83.80: [|tcp] (DF)
> 1169566783.944207 rule 1/(match) pass in on xl1: 10.0.2.41.1604 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566783.948180 rule 18/(match) pass out on xl2: 203.81.235.185.39092 > 
> 64.4.15.61.80: [|tcp] (DF)
> 1169566785.695035 rule 1/(match) pass in on xl1: 10.0.0.5.2305 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566785.697572 rule 18/(match) pass out on xl2: 203.81.235.185.22226 > 
> 81.95.147.107.80: [|tcp] (DF)
> 1169566785.776452 rule 1/(match) pass in on xl1: 10.0.2.41.1605 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566785.930252 rule 1/(match) pass in on xl1: 10.0.2.41.1606 > 
> 10.0.0.1.8080: [|tcp] (DF)
> 1169566785.935663 rule 18/(match) pass out on xl2: 203.81.235.185.12836 > 
> 209.191.65.8.80: [|tcp] (DF)
> 1169566786.317411 rule 18/(match) pass out on xl2: 203.81.235.185.16717 > 
> 72.14.209.87.80: [|tcp] (DF)
> 1169566786.626559 rule 2/(match) pass in on xl1: 10.0.2.44.2212 > 
> 65.43.85.53.6667: [|tcp] (DF)
> 1169566786.626613 rule 21/(match) pass out on xl0: 10.0.2.44.2212 > 
> 65.43.85.53.6667: [|tcp] (DF)
> 1169566787.104918 rule 18/(match) pass out on xl2: 203.81.235.185.21187 > 
> 204.13.161.25.80: [|tcp] (DF)
> 1169566787.113192 rule 17/(match) pass in on xl1: 10.0.2.37.2124 > 
> 207.46.26.36.1863: [|tcp] (DF)
> 1169566787.113242 rule 18/(match) pass out on xl2: 203.81.235.185.64047 > 
> 207.46.26.36.1863: [|tcp] (DF)
> 
> my ifconfig command provides
> 
> bash-3.1# ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
>         groups: lo
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:04:03:fa:96
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
>         inet6 fe80::250:4ff:fe03:fa96%xl0 prefixlen 64 scopeid 0x1
> xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:04:a0:39:9a
>         media: Ethernet autoselect (10baseT half-duplex)
>         status: active
>         inet 10.0.0.1 netmask 0xffff0000 broadcast 10.0.255.255
>         inet6 fe80::250:4ff:fea0:399a%xl1 prefixlen 64 scopeid 0x2
> xl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:10:5a:22:64:c7
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::210:5aff:fe22:64c7%xl2 prefixlen 64 scopeid 0x3
>         inet 203.81.235.185 netmask 0xffffff00 broadcast 203.81.235.255
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
> enc0: flags=0<> mtu 1536
> 
> i did update to OpenBSD current would be great full if you help me out.
> 
> Regards
> 
> 
>  
> 
> *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
>               
> 
> 
> 
> 
> 
> 
>  
> ____________________________________________________________________________________
> Need a quick answer? Get one in minutes from people who know.
> Ask your question on www.Answers.yahoo.com
> 






 
____________________________________________________________________________________
Never miss an email again!
Yahoo! Toolbar alerts you the instant new Mail arrives.
http://tools.search.yahoo.com/toolbar/features/mail/





 
____________________________________________________________________________________
Never miss an email again!
Yahoo! Toolbar alerts you the instant new Mail arrives.
http://tools.search.yahoo.com/toolbar/features/mail/

multiple external links working .. (Solved)

Reply via email to