Jon Rubio wrote:
> Hello,
>
> I'm quite a newbie on OpenBSD and need some help with routing dependent on
> the source network.
>
> This is the diagram of the scenario: (public IPs aren't the real ones)
>
>        (ISP1)                          (ISP2)
>       ADSL-DHCP                  SHDSL:80.25.145.193
>           |                               |
>           |                               |
> ---------------------        ---------------------------
> |Ext IP: DHCP        |       |Ext IP : 80.25.145.193   |
> |Int IP: 192.168.0.1 |       |Int IPs: 80.25.145.192/29|
> ---------------------        ---------------------------
>           |                               |
>           |                               |
> |------------------------------------------------------|
> | bge0: 192.168.0.254              bge1: 80.25.145.194 |
> |                                                      |
> |                                                      |
> |                 OpenBSD 4.2 FIREWALL                 |
> |             Default gateway: 192.168.0.1             |
> |                                                      |
> |                                                      |
> | bge2: 172.16.0.254                bge3: 172.31.0.254 |
> |------------------------------------------------------|
>           |                               |
>           |                               |
>           |                               |
>   ------------------             ------------------
>  /       LAN        \           /       DMZ        \
> /   172.16.0.0/24    \         /   172.31.0.0/24    \
> |                    |         |                    |
> |  gw: 172.16.0.254  |         |                    |
> |                    |         |WEB_SRV: 172.31.0.21|
> \                    /         \                    /
>  \                  /           \                  /
>   ------------------             ------------------
> . . . snip

Selective routing uses the route-to directive from pf. It's quite simple
to use and, to achieve what you want, a simple rule like this should solve
it (the macros are wrong, was lazy to look them up every time :):

    pass in on $dmz_if route-to ($isp2_iface $isp2_gw) from $dmz_net to any

    $dmz_if     = dmz interface
    $isp2_iface = interface which is attached to isp2 link
    $isp2_gw    = next hop (host to reach the net on isp2)
    $dmz_net    = dmz network

route-to directives are quite powerful. I developed a solution using pf +
ifstated + snmp + ping and some clever (almost) shell scripts to
automatically change the rules depending on the availability of the link.

My regards,

--
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 7.04 Feisty Fawn
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
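
The route-to rule from the reply, placed in a complete default-deny ruleset for the topology in the quoted diagram. This is an added example, not part of the original post: the macro and table names are its own, and the web server being published on the ISP2 address on port 80 is an assumption.

```pf
# Added example, not from the thread; OpenBSD 4.2-era pf.conf syntax.
# Interfaces and addresses are from the quoted diagram; macro and table
# names are this example's own.
lan_if  = "bge2"
dmz_if  = "bge3"
isp1_if = "bge0"
isp2_if = "bge1"
isp2_gw = "80.25.145.193"
lan_net = "172.16.0.0/24"
dmz_net = "172.31.0.0/24"
web_srv = "172.31.0.21"

# Destinations that must never be pushed out of an uplink.
table <internal> const { self, 172.16.0.0/24, 172.31.0.0/24 }

# NAT on the uplink each network actually leaves through.
nat on $isp1_if from $lan_net to any -> ($isp1_if)
nat on $isp2_if from $dmz_net to any -> ($isp2_if)

# Assumption: the web server is published on the ISP2 address, port 80.
rdr on $isp2_if proto tcp from any to ($isp2_if) port 80 -> $web_srv

# Default deny; every allowed flow is listed below.
block log all

# LAN follows the routing table (default gateway on ISP1).
pass in  on $lan_if  from $lan_net to any
pass out on $isp1_if from ($isp1_if) to any

# DMZ hosts leave via ISP2 whatever the default route says. Excluding
# <internal> keeps DMZ-to-LAN and DMZ-to-firewall traffic under the
# default deny instead of forwarding it to the ISP2 router.
pass in  on $dmz_if route-to ($isp2_if $isp2_gw) \
    from $dmz_net to ! <internal>
pass out on $isp2_if from ($isp2_if) to any

# Inbound web traffic over ISP2. Replies match this state, not the
# route-to rule, so reply-to returns them via ISP2 rather than the
# default gateway.
pass in  on $isp2_if reply-to ($isp2_if $isp2_gw) proto tcp \
    from any to $web_srv port 80
pass out on $dmz_if proto tcp from any to $web_srv port 80
```

The separate nat/rdr rules and the parenthesised (interface gateway) form are the syntax of the OpenBSD 4.2 era this thread concerns; later releases changed both, so check pf.conf(5) for the release in use. `pfctl -nf /etc/pf.conf` parses the file without loading it.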