Hi,
I have multiple gateways. I'd like to stick with the default for everything, apart from a few protocols. This rule doesn't seem to work (everything is sent out of the default gateway):
I've looked around a lot and this seems to be a fairly common problem, but route-to usually fixes it. Is route-to enabled by default with pf, or does it need something else turned on? I'm running 7.2-STABLE.
The full pf.conf is here (default gateway is on $ext_if_o):
Can anyone help me get traffic to route out of $ext_if_x?
I have multiple gateways. I'd like to stick with the default for everything, apart from a few protocols. This rule doesn't seem to work (everything is sent out of the default gateway):
Code:
# Note: this rule is not "quick". pf uses last-match semantics, so a later rule
# that also matches this traffic on $int_if (especially a "quick" one) takes
# precedence and the route-to here is never applied.
pass in on $int_if route-to ($ext_if_x $ext_gw_x) proto tcp from $int_if:network to any port {80,443,22,1119,3724,6112} keep state
I've looked around a lot and this seems to be a fairly common problem, but route-to usually fixes it. Is route-to enabled by default with pf, or does it need something else turned on? I'm running 7.2-STABLE.
The full pf.conf is here (default gateway is on $ext_if_o):
Code:
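# Macros: interface names and next hops.
# NOTE(review): ext_gw_x="next.hop.ip" looks like a redacted placeholder —
# confirm the live config carries the real next-hop address. r50e is defined
# but not referenced by any rule in this file.
int_if="bge0"
ext_if_x="em0"
ext_if_o="bge1"
ext_gw_x="next.hop.ip"
ext_gw_o="10.0.0.138"
tcp_services="{5631}"
icmp_types="echoreq"
r50e="192.168.1.11"
mce="192.168.1.10"

# Global options
set block-policy return
set loginterface $int_if
set skip on lo
set limit tables 3000
set limit table-entries 350000

# Tables loaded from files.
# NOTE(review): none of these tables is referenced by any rule in this file,
# so loading them currently has no filtering effect; if the intent was to drop
# bogon/honeypot/ad traffic, explicit block rules using them are still needed.
table <honeypots> persist file "/etc/pfdata/honeypots"
table <bogons> persist file "/etc/pfdata/bogons"
table <ads> persist file "/etc/pfdata/ads"

# Packet normalisation on all inbound traffic
scrub in

# nat rules: source-NAT the LAN on whichever external interface a packet
# leaves through. Traffic the route-to rule below steers out $ext_if_x is
# translated by the second rule.
nat on $ext_if_o from $int_if:network to any -> ($ext_if_o)
nat on $ext_if_x from $int_if:network to any -> ($ext_if_x)

# port forwards
rdr on $ext_if_o proto tcp from any to $ext_if_o port 13074 -> $mce # torrent
rdr on $ext_if_o proto tcp from any to $ext_if_o port {1119,3724,6112} -> $mce # wow
rdr on $ext_if_x proto tcp from any to $ext_if_x port 13074 -> $mce # torrent
rdr on $ext_if_x proto tcp from any to $ext_if_x port {1119,3724,6112} -> $mce # wow
#rdr on $ext_if_x proto tcp from any to $ext_if_x port {3389} -> $mce # rdp

# Default policy: deny inbound (RST/ICMP returned per block-policy), allow all
# outbound with state. Note that LAN hosts are fully trusted by this ruleset.
block in
pass out keep state
antispoof quick for { lo $int_if }

# load balancing (assumes o2 default, special protocols xilo)
# pf evaluates rules with last-match semantics unless a rule is "quick".
# The catch-all "pass in quick on $int_if" at the end of this file also
# matches this traffic and, being quick, used to win the evaluation — so the
# route-to was never applied and everything left via the default gateway.
# Making this rule "quick" ends evaluation here for the listed ports; all
# other LAN traffic still falls through to the catch-all.
pass in quick on $int_if route-to ($ext_if_x $ext_gw_x) proto tcp from $int_if:network to any port {80,443,22,1119,3724,6112} keep state
#pass out on $ext_if_o route-to ($ext_if_x $ext_gw_x) from $ext_if_x to any
#pass out on $ext_if_x route-to ($ext_if_o $ext_gw_o) from $ext_if_o to any

# Inbound services on the external interfaces.
# NOTE(review): the rdr above for ports {1119,3724,6112} on $ext_if_o has no
# matching pass rule on $ext_if_o (only port 13074 is passed there), so those
# redirected connections are rejected by "block in" — confirm this is intended.
pass in on $ext_if_x inet proto tcp from any to $ext_if_x port $tcp_services flags S/SA keep state
pass in on $ext_if_o inet proto tcp from any to $mce port 13074 flags S/SA synproxy state
pass in on $ext_if_x inet proto tcp from any to $mce port 13074 flags S/SA synproxy state
pass in on $ext_if_x inet proto tcp from any to $mce port {1119,3724,6112} flags S/SA synproxy state
#pass in on $ext_if_x inet proto tcp from any to $mce port 3389 flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep state

# Catch-all for the LAN: quick, so it ends evaluation for every inbound
# $int_if packet not already claimed by the quick route-to rule above.
pass in quick on $int_if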
Can anyone help me get this traffic routed out of $ext_if_x?