[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

route-to round-robin not working for windows clients?



Hi,
 
I am using Obsd/PF to set up a firewall with two external interfaces, and 
I would like to pass outgoing traffic through both Internet connections. I 
am using the rule below to tell PF to do that (there are other rules but 
this one is the key to my problem):
pass in log-all on $int_if route-to \
    { ($ext_if1 <gws_if1>) , ($ext_if2 <gws_if2>) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state
Now, when I ping an Internet host from an internal OpenBSD client, the
traffic behaviour religiously respects the stated policy. That is, The
first time the this command is run, the icmp echo request/reply traffic is
routed through the first external connection; the second time this command
is run (even immediately after canceling the previous one), the traffic is
routed through the second external connection, and so on.
However, when I ping the same Internet host from an internal WINDOWS 
client, the policy is not necessarily respected any more. I guess 
that it has something to do with PF state expiration, because I 
noticed that PF only switches the traffic to the other external 
interface after the ICMP state is purged.
So my questions are:
1. Is this really what is happening ? Why the different behaviour?
2. Is there anything I could do to tell PF to behave the same way no 
matter what client is generating the traffic?
Thanks a lot in advance.
Regards,
ebl