Calderon (Real Name: Patrick Lindholm)
17th September 2008

Thanks!

Remembered something about this section from the manual, but the title was obviously "misleading" when I rechecked. :-P OK.

So, if I get it right:

As for the incoming connections redirected to LAN machines, I just
Code:
" rdr pass on $ext_if1 ..."
whatever ext_if I choose, without the round-robin of course.

And outgoing:

Code:
pass in on $int_if route-to \
   ($ext_if1 $ext_gw1) \
   from $lan_net to any keep state
I would use ext_if1 as the default "outgoing", and if I wanted, for example, port 28960 from LAN machines to go via ext_if2, I would place a similar rule as above before it (quick?), like this:

Code:
pass in quick on $int_if route-to \
   ($ext_if2 $ext_gw2) \
   proto { udp , tcp } from $lan_net port 28960 to any keep state

pass in on $int_if route-to \
   ($ext_if1 $ext_gw1) \
   from $lan_net to any keep state
Some questions.

- Just to be sure: so this gateway address ext_gw means each external IF's IP, right? And can I use ext_gw1="($ext_if1)" to get the IP, or? Thinking of the case where a dynamic one would change, so...

- To ensure that packets with a source address belonging to $ext_if1 are always routed to $ext_gw1 (and similarly for $ext_if2 and $ext_gw2), the following two lines should be included in the ruleset:
Code:
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \
   to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \
   to any
I don't get it.

I think I'll start the whole ruleset from scratch, as this somehow gave me some enlightenment (if I'm right about this; somebody confirm).

Last edited by Calderon; 17th September 2008 at 05:24 PM.
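The "(quick?)" question in the post comes down to pf's evaluation order: the last matching rule wins unless a matching rule carries `quick`. The following is an added example, not part of the original post and not pf code: a simplified Python model of that evaluation, with the two route-to rules reduced to a source-port match and with constructed sample packets.

```python
# Simplified model of pf rule evaluation (added example, not pf itself):
# the last matching rule wins unless a matching rule is marked "quick".
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    route_to: str                    # interface macro the rule routes through
    src_port: Optional[int] = None   # None matches any source port
    quick: bool = False

    def matches(self, pkt: dict) -> bool:
        return self.src_port is None or pkt["src_port"] == self.src_port


def evaluate(rules, pkt):
    """Return the route_to of the rule that applies, or None if none match."""
    chosen = None
    for rule in rules:
        if rule.matches(pkt):
            chosen = rule.route_to
            if rule.quick:           # quick stops evaluation at this rule
                break
    return chosen


def ruleset(quick: bool):
    # Same order as in the post: port 28960 rule first, default rule second.
    return [
        Rule("ext_if2", src_port=28960, quick=quick),
        Rule("ext_if1"),
    ]


# Constructed sample packets arriving on $int_if from $lan_net.
GAME = {"src_port": 28960}
OTHER = {"src_port": 51000}

if __name__ == "__main__":
    for quick in (True, False):
        for name, pkt in (("port 28960", GAME), ("other", OTHER)):
            print(f"quick={quick} {name}: {evaluate(ruleset(quick), pkt)}")
```

Without `quick`, the specific rule only takes effect if it is placed after the general one, since the later match overrides the earlier.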