
PF and two interfaces



okay... another test concept.....
what if I route-to all packets tagged with a specific tag (i.e. port 80
traffic) to a specific interface?  I tried this below but obviously
can't grab the syntax or even the knowledge if it's possible.   If I
ever learn enough about PF I'm gonna write a website to document all my
work with it... there is just a lot of by-example documentation
missing.. I know of solarflux's website but it just has examples with
no guidance.
-matt
## PF.CONF
# Trial Test - Route all 80 over SBC, rest to RCN
int_if = "bge0"
lan_net = "10.0.0.0/24"
ext_if_sbc = "fxp0"
ext_if_rcn = "re0"
ext_gw_sbc = "67.36.180.95"
nat on $ext_if_sbc from $lan_net to any -> ($ext_if_sbc)
nat on $ext_if_rcn from $lan_net to any -> ($ext_if_rcn)
pass in on $int_if tag INT_NET keep state
pass in on $int_if proto tcp to port 80 tag INT_NET_HTTP keep state
pass in quick on $int_if tagged INT_NET_HTTP route-to $ext_if_sbc,
$ext_gw_sbc from $lan_net to any keep$
pass out all
pass in all
---------- Forwarded message ----------
From: Matt Sellers <[email protected]>
Date: Thu, 4 Nov 2004 18:54:58 -0600
Subject: PF and two interfaces
To: [email protected]
Hello everybody...
Okay I've been trying to route a certain type of traffic over one
interface and send all other traffic onto another interface..  I hope
what I have posted below will at least illustrate what I'm trying to
achieve but I have had no success so far.
-matt
INFO --->>>>>>
network:
(re0) ------+++++++++++++++++
                +  OpenBSD 3.6-snap +------(bge0)-----(network)
(fxp0)-----++++++++++++++++++
============= pf.conf =================
## OpenBSD 3.6 PF.CONF
## file: pf.conf.lbref
#
int_if = "bge0"
ext_if_sbc = "fxp0"
ext_if_rcn = "re0"
lan_net = "10.0.0.0/24"
ext_gw_rcn = "24.148.37.1"
ext_gw_sbc = "67.36.180.95"
nat pass on $ext_if_sbc from $lan_net to any port 80 -> ($ext_if_sbc)
nat on $ext_if_rcn from $lan_net to any port !=http -> (ext_if_rcn)
# pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
# pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
pass in quick on $int_if route-to ($ext_if_sbc $ext_gw_sbc) \
        proto tcp from any to any port = 80 flags S/SA keep state
pass in on $int_if route-to (ext_if_rcn $ext_gw_rcn) \
        proto tcp from any to any port !=http flags S/SA keep state
pass out on $ext_if_rcn proto { tcp, udp } all keep state
pass out on $ext_if_sbc proto { tcp, udp } all keep state
pass in on $int_if proto { tcp, udp } all keep state
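
An added example, not part of the original post: one way to write the tag-then-route-to policy both messages are aiming at, using the interface names and gateways from the post. It assumes OpenBSD 3.6-era pf grammar and that the system default route already points at the RCN gateway; the default-deny rule on the external interfaces is an addition made here in place of the trailing `pass in all`.

```pf
# Added example (not the poster's ruleset). Assumes OpenBSD 3.6 pf syntax
# and a default route via the RCN gateway (re0).
int_if     = "bge0"
ext_if_sbc = "fxp0"
ext_if_rcn = "re0"
lan_net    = "10.0.0.0/24"
ext_gw_sbc = "67.36.180.95"

# Translation rules come before filter rules. NAT is applied on whichever
# external interface the packet finally leaves through.
nat on $ext_if_sbc from $lan_net to any -> ($ext_if_sbc)
nat on $ext_if_rcn from $lan_net to any -> ($ext_if_rcn)

# Default deny for unsolicited traffic arriving on the external interfaces
# (an addition here; replaces the catch-all "pass in all").
block in on { $ext_if_sbc, $ext_if_rcn } all

# Traffic addressed to the firewall itself is not policy-routed.
pass in quick on $int_if from $lan_net to $int_if keep state

# Tag LAN web traffic. Tags are sticky, so evaluation continues past this
# non-quick rule and later rules can match on the tag.
pass in on $int_if proto tcp from $lan_net to any port 80 tag INT_NET_HTTP

# route-to goes directly after the interface, takes "(interface gateway)"
# in parentheses with no comma, and precedes proto/from/to. "tagged" is a
# filter option and goes at the end with flags and keep state.
pass in quick on $int_if route-to ($ext_if_sbc $ext_gw_sbc) \
        proto tcp from $lan_net to any tagged INT_NET_HTTP \
        flags S/SA keep state

# Everything else from the LAN follows the default route (RCN).
pass in on $int_if from $lan_net to any keep state

# Replies back to the LAN and outbound traffic on both uplinks.
pass out on $int_if from any to $lan_net keep state
pass out on $ext_if_sbc all keep state
pass out on $ext_if_rcn all keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf` on the file, and `pfctl -vsr` shows per-rule counters to confirm the tagged rule is the one matching port 80 connections.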