[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Routing out of 1-host networks

I have an interesting problem with a new backup ADSL line I have. Normally,
packets (mostly NAT stuff) going out of the router originate from its leased
line IP address, and then out of the leased line interface to the default
router of our main ISP (my router is running OpenBSD 3.5). As you'd expect
What I've done is get an ADSL line as backup, so I can just switch NATted
traffic to the ADSL interface on the router. I don't want to change the
default route, though, I just want to be able to let a rule cut in that NATs
certain people to the ADSL IP instead.
However, the ADSL network that I get from the ADSL modem is a.b.c.d/32 - if
I stick a dhcp-enabled laptop on the end of the modem, I get:
IP a.b.c.d
Default gateway a.b.c.d
i.e. it treats itself as the default gateway. This works on the laptop. On
the router, of course, anything coming from the ADSL IP of a.b.c.d gets
routed out through the leased line interface, because that's where the
default route is. This is not what I want, since packets that originate from
the ADSL IP address ought to be routed out of the ADSL interface and down
the ADSL line.
So, I tried using a route-to rule, but it doesn't seem to be happy, since of
course it's its own default route.?My first pass rules in the pf.conf file
pass out quick on $leased_line_if route-to $adsl_if from \
$adsl_ip_addr to any
pass quick on $adsl_if from any to any keep state
if I change the first line to:
..route-to ($adsl_if $adsl_ip_addr) from...
it still doesn't work. None of my NAT rules have a 'pass' in them, so I
think the route-to rule should be being evaluated, although
``pfctl -vs rules'' gives:
[ Evaluations: 350       Packets: 0         Bytes: 0           States: 0 ]
for the route-to rules.
I'm sure I'm missing something obvious - any takers?
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444
E-mails received are assumed to be for my attention, to do with as I wish.
No responsibility is accepted if communications are sent to me in error.
This disclaimer has as much legal status as yours.