Default gateway

Hi,
I have all the interfaces aggregated into lagg0 and have some vlans on that interface, i.e. vlan10, vlan20, etc. Over this I also have CARP set up, so the configuration in rc.conf looks like the following.

Code:
ifconfig_bxe0="up"
ifconfig_bxe1="up"
cloned_interfaces="lagg0 vlan10 vlan20 vlan30"
ifconfig_lagg0="laggproto failover laggport bxe0 laggport bxe1 10.0.0.2 netmask 255.255.255.252 -lro"
ifconfig_lagg0_alias0="inet vhid 5 advskew 100 pass testpass alias 192.168.0.1 netmask 255.255.255.0"
##### Carp Alias for vlan10
ifconfig_vlan10="inet 10.0.0.6 netmask 255.255.255.252"
ifconfig_vlan10_alias0="inet vhid 2 advskew 100 pass testpass alias 192.168.1.1 netmask 255.255.255.0 vlan 10 vlandev lagg0"
##### Carp Alias for vlan20
ifconfig_vlan20="inet 10.0.0.10 netmask 255.255.255.252"
ifconfig_vlan20_alias0="inet vhid 3 advskew 100 pass testpass alias 192.168.2.1 netmask 255.255.255.0 vlan 20 vlandev lagg0"
##### No carp for vlan30
ifconfig_vlan30="inet 192.168.3.1 netmask 255.255.255.0 vlan 30 vlandev lagg0"
## Default gateway
defaultrouter="192.168.1.1"

What I want to achieve is to have a default gateway 192.168.3.254 (vlan30) for the traffic received on the interface vlan30. I tried the following using PF but it gives me a syntax error.
Code:
root@Server:~ # service pf restart
Disabling pf.
Enabling pf/usr/local/etc/pf.conf:10: syntax error
pfctl: Syntax error in config file: pf rules not loaded
/etc/rc.d/pf: WARNING: Unable to load /usr/local/etc/pf.conf.

My /usr/local/etc/pf.conf looks as follows,
Code:
set skip on lagg0
set skip on lo0
set skip on vlan10
set skip on vlan20
set skip on vlan30
pass in on vlan30 inet from any to any route-to vlan30 192.168.3.254
I tried this last line with the pass in on vlan30 inet from any to any route-to (vlan30 192.168.3.254) syntax too, but I still get the same error.
Can anyone help/suggest?
 
This is not a "default gateway". A default gateway refers to the route for 0.0.0.0/0 (IPv4) or ::/0 (IPv6), which handles traffic that is not destined for any other network.

For policy routing based on source interface, I believe you have the syntax backwards. This works for me:

Code:
pass in on epair2a route-to (vtnet0 1.1.1.1) inet from any to any
 
Thank you for your reply; at least the error has gone away, thanks. But I want to have a different default gateway for the traffic which enters a specific interface, in my case vlan30 (192.168.3.1), and the traffic coming from this interface (after processing; say there is a VPN server listening on this interface, the response should go out to 192.168.3.254, not to the default gateway). Do you have any ideas how I can achieve this?
 
Code:
ext_if = "vlan30"
ext_gw = "a.b.c.d"  ## "LIVE-IP"
pass in on $ext_if proto tcp to ($ext_if) port 22 keep state (if-bound) reply-to ($ext_if $ext_gw)
This rule gives an error too. I want to give the response back to the live IP if the request comes in on FIB 1 to the ssh process; any help with this?
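A pf.conf fragment for the layout described in this thread, added here as an example and not taken from either poster: it places reply-to and route-to where FreeBSD's pf grammar expects them (after the "on" interface clause, before the address family and protocol), and assumes 192.168.3.254 is the upstream router on vlan30.

```pf
# Added example for FreeBSD pf, not from the thread above.
ext_if = "vlan30"
ext_gw = "192.168.3.254"     # assumed: upstream router on vlan30

# Do not "set skip" the interface you want to policy-route: a skipped
# interface is never evaluated by pf, so rules on it can never match.
set skip on lo0

# Replies to SSH sessions that arrived on vlan30 leave via $ext_gw,
# even though the system default route (defaultrouter) points elsewhere.
# The route option sits between "on $ext_if" and "proto".
pass in on $ext_if reply-to ($ext_if $ext_gw) proto tcp to ($ext_if) port 22 keep state (if-bound)

# Traffic from the vlan30 network that this host forwards is sent to
# $ext_gw as well, giving vlan30 sources their own "default gateway".
# Traffic addressed to the vlan30 address itself is excluded so that
# locally delivered packets are not pushed back out the interface.
pass in on $ext_if route-to ($ext_if $ext_gw) inet from $ext_if:network to ! ($ext_if)
```

Check the file with `pfctl -nf /usr/local/etc/pf.conf` before reloading; `-n` parses the rules without loading them, so a misplaced option shows up as a syntax error without disturbing the running ruleset.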
 