Hi all,
I am failing at a basic routing.
I have included this rule in my pf.conf:
pass out quick proto udp from any to any port 51820 route-to 192.168.1.254
I thought this would force egress traffic with destination port 51820 to use
192.168.1.254 as a gateway, instead of the default gatew
On Mon, 15 Apr 2024, at 21:33, Thomas wrote:
> Hi all,
>
> I'm greatly enjoying OpenBSD and have it on most of my devices as I try
> to set up my "perfect lab". I would like some feedback / thoughts about
> one behaviour which I don't quite get.
>
> I have a VM for the world facing side of my ne
Hi all,
I'm greatly enjoying OpenBSD and have it on most of my devices as I try to set
up my "perfect lab". I would like some feedback / thoughts about one behaviour
which I don't quite get.
I have a VM for the world facing side of my network. I have a wireguard network
to link it up to a hom
On Tue, May 30, 2023 at 06:07:32PM +0300, Nick Andersen wrote:
> Hi Folks,
hi.
>
> I am writing to seek assistance regarding an issue I am experiencing in
> trying to route my Personal Computer's network traffic to a TUN interface.
> My objective is to modify some of its content and subsequently
Hi Folks,
I am writing to seek assistance regarding an issue I am experiencing in
trying to route my Personal Computer's network traffic to a TUN interface.
My objective is to modify some of its content and subsequently return the
traffic back.
So far, I have successfully created a TUN interface
Running openbsd 6.9 stable here
I am not able to use a pf rule using route-to/reply-to with an ipv6
linklocal address.
example:
pass out inet6 route-to fe80::abcd%em0
The syntax is valid and therefore is accepted but the "%em0" is stripped
out when config is pushed.
The packets are not push
Hi Misc,
I’m trying to use policy based routing (route-to) with divert-packet feature.
I’m just using example code written at divert’s man page. (man divert)
I’ve two WAN interfaces which are pppoe0(default gw) and pppoe.
Those pf rules below work:
#
pass in log quick on vether10 inet proto udp f
Hi Misc,
I’m trying to use policy based routing (route-to) with divert-packet feature.
I’m just using example code written at divert’s man page. (man divert)
I’ve two wan interfaces which are pppoe0(default gw) and pppoe1
Those pf rules below work:
#
pass in log quick on vether10 inet proto
to \
$vpn_gateway_ip@$vpn_if
So that *only* traffic bound for port 25 gets sent over the VPN
connection, but it does so for all hosts. Anyhow, I haven't been able to
get it to work, and I realize I don't understand enough about how pf
route-to and static routes work and are differen
On 2017-05-23, Markus Rosjat wrote:
> just to clarify this a rule in pf with the route-to keyword only works
> when multipath routing is enabled in sysctl.conf?
You do not need net.inet.ip.multipath (or v6 equiv) to use a route-to rule,
only net.inet.ip.forwarding.
You do need a route table entr
Hi there,
just to clarify this a rule in pf with the route-to keyword only works
when multipath routing is enabled in sysctl.conf?
regards
--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de
G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.g
Just confirming that after fixing non-OpenBSD-related
issues, round-robin works just fine even with only one
interface.
Julf
On 14/01/13 17:53, Johan Helsingius wrote:
> Hi!
>
> I have a small network, connected by 2 ADSL connections, and
> want to load-share the connections. All exampl
Hi!
I have a small network, connected by 2 ADSL connections, and
want to load-share the connections. All examples of route-to
round-robin that I have seen have used 2 separate interfaces,
but as both my ADSL modems are on the same "no-mans-land"
network, I have been (so far unsuccessfully) trying
Short question: does pfsync currently support fluent failover of a pf
established 'route-to' state, when a CARP failover happens?
Reason for the question: CARP, pfsync, and route-to all seem to work
nicely in our OpenBSD load balancer (LB) setup, except: fluent failover
of established TCP connect
Hi All,
After a lot of testing I found out that my problem is appearing when I use
NATTED links as my uplinks. When I use routed ip addresses without NAT my
route-to setup is working for openbsd 4.5 and 4.7. When using route-to over at
least 1 link with NAT (I've tested it with both an openbsd NA
I think you need to specify the gateway. On a host I set up
that uses DSL (pppoe(4) so the gw is 0.0.0.1):
pass out on $ext_if1 from $ext_if2 to any route-to ($ext_if2 0.0.0.1)
pass out on $ext_if2 from $ext_if1 to any route-to ($ext_if1 0.0.0.1)
I don't know if your omission of 'to any' affects
On 27-07-2010 05:04, Maikel Verheijen wrote:
Hello fellow openbsd fans,
While preparing a test environment for my upgrade to openbsd 4.7 I ran into a
slight problem. My current setup uses route-to rules to send out traffic back
out on the interface it received it on like this:
pass out on $e
On Tue, Jul 27 2010 at 04:10, Maikel Verheijen wrote:
> Hello fellow openbsd fans,
Hello,
> While preparing a test environment for my upgrade to openbsd 4.7 I ran into a
> slight problem. My current setup uses route-to rules to send out traffic back
> out on the interface it received it on like th
Hello fellow openbsd fans,
While preparing a test environment for my upgrade to openbsd 4.7 I ran into a
slight problem. My current setup uses route-to rules to send out traffic back
out on the interface it received it on like this:
pass out on $ext_if2 route-to ($ext_if1 $ext_if1_router) from ($
Hello, I have this PF firewall with two ISPs connected to it and an
internal network. This firewall is balancing the traffic through both
ISPs, and it works great. Now I'm up to the task of making this
firewall react when an ISP goes down and reroute all traffic to the
other one. Both ISPs are unab
http://openbsd.org/faq/current.html#20090902
--
I must not fear. Fear is the mind-killer. Fear is the little-death that
brings total obliteration. I will face my fear. I will permit it to pass
over me and through me. And when it has gone past I will turn the inner
eye to see its path. Where th
Hi,
...on Fri, Dec 04, 2009 at 03:46:22PM +, Fred Crowson wrote:
> pf has virtually been rewritten in that time
Ok, what bit me from that is that the default for rules was
changed to "keep state" in the meantime and some other stuff
that was relying on the old semantics interfered with
On 12/4/09, Alexander Bochmann wrote:
> Hi,
>
> did anything change in regard to pf rules with the
> route-to option in recent versions of OpenBSD?
>
> I've just reinstalled an old system that was running
> OpenBSD 3.9 with 4.6, and gave it my old pf rulesets.
>
> There is a rule that is supposed
(forgot to reply to list)
Please show a dmesg.
Mitja
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Alexander Bochmann
> Sent: Friday, December 04, 2009 4:04 PM
> To: misc@openbsd.org
> Subject: pf route-to doesn
Hi,
did anything change in regard to pf rules with the
route-to option in recent versions of OpenBSD?
I've just reinstalled an old system that was running
OpenBSD 3.9 with 4.6, and gave it my old pf rulesets.
There is a rule that is supposed to send all traffic
originating from a certain loca
Hi,
I have a host with 2 external interfaces (pppoe0 and pppoe1 in this
case, they're ADSL lines). As such, I host
services behind them and want to be able for both IP addresses to be
used when talking to said service. Here's
a snippet of pf.conf with the relevant stuff:
rdr on pppoe0 inet prot
Bill Meigs wrote:
> I discovered that rules like
> pass in on $int_if route-to ($ext_if2 $ext_gw2) from any to any
> must route-to an interface and not that interface's ip address. The
> rule set will load without an error message but the route-to rule will
> not work if the ip address is specif
Howdy Bill?
Back in Dec.06 you asked some similar questions about
"dynamic update of gateway for route-to rules in pf.conf on dhcp interface".
Did you find a way to do this?
Thanks,
Dhu
On Mon, 21 Jul 2008 21:16:50 -0700
Bill Meigs <[EMAIL PROTECTED]> wrote:
> I discovered that rules like
>
I discovered that rules like
pass in on $int_if route-to ($ext_if2 $ext_gw2) from any to any
must route-to an interface and not that interface's ip address. The rule
set will load without an error message but the route-to rule will not
work if the ip address is specified.
My first question is
On 2008-06-30, Duncan Patton a Campbell <[EMAIL PROTECTED]> wrote:
> Here's the ruleset. Let me know if you have a use for it or know
> of some way of getting the DHCP gateway.
You could use a custom dhclient-script that adjusts the rules.
It's probably easier to handle using anchors.
Dear List,
With help from various people here I've composed a pf ruleset that
allows "load splitting" between two (or more) ISP connections
on the basis of the client (internal) IP addresses.
The problem I have with this is when one or more of the ISPs provide
a DHCP assigned address/route. W
On Wednesday, 2. May 2007 18:29:54 Matthias Bertschy wrote:
> gives me a different gateway each time the pppoe (using ppp(8) on tun0)
> is established.
> As this IP changes every time, it is very difficult to hardcode it in
> pf.conf
> So, I have several solutions so far:
> 1. change ISP
>
Hello,
I have two internet accesses, and I am using a route-to rule to assign
specific traffic to a specified interface (the way I want in the routing
table).
Various tests have revealed I need to specify the next hop otherwise the
"default" route will always be used.
My problem: I have a re
On 2007/04/27 23:02, Johan Linner wrote:
> 2 wan connections, I want the traffic from the internal lan ($lan) to go
> through the wan1 ($wan1) connection via NAT. Wan1 is not the default
> route, I use route-to, right?? How is this working together with NAT?
> And are the replies making it thro
Hi,
I am trying to understand the differences between route-to and reply-to
in pf. Have not found any good examples in man(pf.conf) or Google.
2 wan connections, I want the traffic from the internal lan ($lan) to go
through the wan1 ($wan1) connection via NAT. Wan1 is not the default
route,
Hello,
On Wed, 21.02.2007 at 12:00:51 -0600, Chris Black <[EMAIL PROTECTED]> wrote:
> 1) ifstated with ping and if.up tests and executing route commands
> The idea here would be ifstated would trigger commands something like:
> route delete default rtr0.ip; route add default rtr1.ip
you didn't gi
On Wed, Feb 21, 2007 at 12:00:51PM -0600, Chris Black wrote:
> I am trying to set up failover default routes. The situation is three
> OpenBSD machines, client, rtr0 and rtr1. Client has two interfaces, one
> with a crossover link to rtr0 and one to rtr1. I would like the default
> route for client
I am trying to set up failover default routes. The situation is three
OpenBSD machines, client, rtr0 and rtr1. Client has two interfaces, one
with a crossover link to rtr0 and one to rtr1. I would like the default
route for client to be rtr0 unless rtr0 has failed in some way
(unreachable, etc). As
On 2/14/07, Frans Haarman <[EMAIL PROTECTED]> wrote:
when routing packets to another interface, is it then possible to do redirection
for those packets on the other interface ?
I am trying to:
- route subnets to a tunnel
- redirect the subnets to private ip
10.100.1.1 > bge0 --- route-to --
when routing packets to another interface, is it then possible to do redirection
for those packets on the other interface ?
I am trying to:
- route subnets to a tunnel
- redirect the subnets to private ip
10.100.1.1 > bge0 --- route-to ---> tun0 --- rdr 10.100.1.1 -> 192.168.1.1
I am seeing
Hi all,
I've been trying to get interface groups going on a machine and have met with a
possibly interesting problem.
I have declared an interface to be part of a group, and that group shows up
correctly if I `ifconfig foogroup` or `pfctl -s Interfaces`
I have a setup where I have one VPN come i
I have a 3.5 firewall acting as a gateway for 2 networks (DMZ and
internal lan) to a single internet provider. To alleviate bandwidth
issues, I purchased a second internet connection from a different
provider. I would like to route the DMZ through the first provider
and the internal lan to the se
Dave Harrison wrote:
> I have two links, a rather costly one, and a cheap high bandwidth one.
> I prefer to use the cheap one whenever possible, but if it goes down I
> want to fail over onto the expensive one.
>
> This rule (from the PF FAQ) will let me round-robin my outgoing
> connections :
>
Hi all,
I have two links, a rather costly one, and a cheap high bandwidth one.
I prefer to use the cheap one whenever possible, but if it goes down I
want to fail over onto the expensive one.
This rule (from the PF FAQ) will let me round-robin my outgoing
connections :
pass in on $int_if route-t
44 matches