
Re: 3-way transparent bridge?



Greg Hennessy wrote:
How are you going to decide on what default route to use to get packets out
there?

I was kind of hoping for someone to point that out. :)


The purpose is to protect the same webservers in the same DMZ, if possible. So the traffic is outgoing. Then I could handle through DNS which ISP pipe the traffic goes through.

I guess what I had in mind was whether I could use route-to/reply-to in a transparent bridge. Something like:

### default ISP
pass  in quick on $isp1_if proto tcp \
        from any to $webserver_ip1 port 80 \
        flags S/SA modulate state

### alternate ISP
pass  in quick on $isp2_if reply-to $isp2_if proto tcp \
        from any to $webserver_ip2 port 80 \
        flags S/SA modulate state

But this leaves the problem: the webservers' default route points to ISP1 and the replies would go there anyway? Is the only solution to define an IP in my fw for routing and forget transparency?

--

Regards,

Toni