I've tried to do something with route-to, but no success. Here is the exact situation:
Here is my routing table for IPv4 (I'm not using IPv6, so everything here will be about IPv4):
Code:
[ivanatora] /etc# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGS 0 66819 rl0
127.0.0.1 127.0.0.1 UH 0 6746 lo0
192.168.0.0/24 link#1 UC 0 0 re0
192.168.0.255 ff:ff:ff:ff:ff:ff UHLWb 1 259 re0
192.168.1.0/24 link#2 UC 0 0 rl0
192.168.1.1 00:19:e0:a0:79:e6 UHLW 2 0 rl0 940
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWb 1 261 rl0
194.145.63.12 192.168.0.1 UGHS 0 60 re0
Currently one of the gateways is a default route (should I remove the default route in order to do load balancing?) and the other is just a static route to a host for some testing.
Here is my pf.conf:
Code:
### Macros
int_if = "re0"
ext_if = "rl0"
ext_ip = "192.168.1.2"
tcp_services = "{80, https, ssh, domain, 5190, 5222, ftp, whois, 18768, 6881:6889, 1025, 6921}"
udp_services = "{domain, 5190, 5222, ftp, whois, 18768, 1025, 137:139, 6921}"
### Tables
table <aonsu_net> { 192.168.0.34, 192.168.0.223 }
### Options
set block-policy return
### Normalizations
scrub in all
### Queueing
### Translation
nat pass on $ext_if from <aonsu_net> to any -> $ext_ip # NAT for two other PCs, I don't think it is important, but I decided to show you my full pf.conf
### Filtering
pass on $int_if from <aonsu_net> to any
pass on $ext_if from any to <aonsu_net>
pass on $ext_if proto tcp to any port $tcp_services
pass on $ext_if proto udp to any port $udp_services
pass in on $ext_if proto tcp from any to 192.168.1.2 port 220 label "ssh:)" # here I've tried some features of PF - labeling
pass out on $ext_if proto tcp to any port 80 label "outgoing http"
#pass out on $ext_if route-to { 192.168.1.1, 192.168.0.1 } round-robin from 192.168.1.2 to any # I've tried that, it doesn't work
# I've tried these two at the same time - there was an example in that form on http://openbsd.org/faq/pf/pools.html#outgoing
#pass out log (to pflog0) on $int_if route-to ( $ext_if 192.168.1.1 ) from $ext_ip to any
#pass out log (to pflog1) on $ext_if route-to ( $int_if 192.168.0.1 ) from 192.168.0.68 to any
# doesn't work either
#pass in on $ext_if route-to { ($ext_if 192.168.1.1) , ($int_if 192.168.0.68) } round-robin from self to any
# I've tried this one, too - doesn't work
pass in on $ext_if route-to ( $ext_if 192.168.1.1 ) from $ext_ip to any
By "doesn't work" I mean that I've tried traceroute some.host to see where it goes out from. Every time it goes through the default gateway (except for the static route I've added for testing). So should I remove the default route?
Actually I will try that tomorrow when I get physical access to my PC (I don't want to get cut off from ssh).
Oh, and something else - in one case I've tried logging packets to pflog0 and pflog1. When I fire tcpdump on these interfaces I see not a single packet captured. Could it be that no packet matches these filtering rules?
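The pattern from the pools.html#outgoing FAQ page rewritten with the macros of the ruleset above, as an added illustration that is not part of the original post and has not been tested on this host; the macro names gw1 and gw2 and the label are my own, and the second next hop is assumed from the static route in the netstat output.

```pf
# Added example: OpenBSD FAQ route-to pattern adapted to the macros of the
# pf.conf quoted above. Not the poster's configuration; untested on this host.
int_if = "re0"
ext_if = "rl0"
ext_ip = "192.168.1.2"
gw1 = "192.168.1.1"   # next hop reachable on rl0 (the current default gateway)
gw2 = "192.168.0.1"   # next hop reachable on re0 (assumed from the UGHS route)
table <aonsu_net> { 192.168.0.34, 192.168.0.223 }

# Forwarded traffic from the two LAN hosts: route-to is evaluated on the rule
# where the packet ENTERS pf, i.e. "pass in on $int_if", and the chosen next hop
# is remembered in the state entry. round-robin alternates per new connection.
pass in on $int_if route-to { ($ext_if $gw1), ($int_if $gw2) } round-robin from <aonsu_net> to any

# Traffic generated by the firewall itself (e.g. traceroute run on the box):
# the kernel has already picked the default route (rl0) and the source address
# 192.168.1.2 before pf sees the packet, so the matching rule must be
# "pass out on $ext_if" with "from $ext_ip". A rule on $int_if with from $ext_ip,
# or one with from 192.168.0.68 on $ext_if, never sees such a packet.
pass out on $ext_if route-to ($int_if $gw2) from $ext_ip to any label "local_via_gw2"
```

Whether a rule ever matches can be checked without pflog: `pfctl -vsr` prints an `Evaluations/Packets/Bytes/States` counter line under each rule, and `pfctl -sl` shows the same counters per label.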