17th September 2011
jggimi

NAT testing is complete.

I was able to both initiate connections outbound, and port forward to the inbound "server" with the following pf.conf. The first line NATs all outbound traffic from the internal network according to its appropriate trunk, however it gets routed. The second line used port forwarding to expose a service, in this case sshd(8), from the internal server.
Code:
match out from em2:network to any nat-to {em0,em1}
match in proto tcp from any to any port 2222 rdr-to 10.0.3.5 port 22
pass log all
To make my testing easier, I ended up setting up the "user" machine to also use multipathing. It could route through ISP1 or ISP2.

I discovered an error I'd made while setting up the lab environment. I'd neglected to add routes between the ISPs' "customer" networks (10.0.1, 10.0.2) using the "internet" network (10.0.0). I discovered this by using tcpdump(8).

If you are unable to recreate the same success I've had, please consider using tcpdump and watching traffic flow (or not flow) across your NICs.
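The same NAT and port-forwarding arrangement written out as a fuller pf.conf, as an added example that is not from the post above. It takes the interface names and the server address from the post and assumes em0 and em1 are the ISP1 and ISP2 trunks and em2 the internal network; it applies nat-to per trunk so each outbound flow is translated with the address of the interface it actually leaves on, and replaces the lab's catch-all pass with a default-deny policy that admits only the forwarded sshd port.

```pf
# Added example: interface names and the server address follow the post;
# the rest is an assumption about the lab layout.
isp1_if = "em0"          # trunk to ISP1
isp2_if = "em1"          # trunk to ISP2
int_if  = "em2"          # internal network
server  = "10.0.3.5"     # internal host running sshd(8)

set skip on lo

# NAT per trunk: (interface) means "use that interface's current address",
# so a flow is translated with the address of whichever trunk the routing
# table (multipath or not) sends it out on.
match out on $isp1_if from $int_if:network to any nat-to ($isp1_if)
match out on $isp2_if from $int_if:network to any nat-to ($isp2_if)

# Expose the internal sshd on port 2222 of either trunk.
match in on { $isp1_if $isp2_if } proto tcp to port 2222 \
        rdr-to $server port 22

# Default deny, logged; then open only what the lab needs.
block log all
pass out quick
pass in on $int_if
# rdr-to has already rewritten the destination when this rule is evaluated.
pass in on { $isp1_if $isp2_if } proto tcp to $server port 22
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which is the quickest way to catch a typo before the trunks go dark. The gateway still needs net.inet.ip.forwarding=1 for any of the forwarded traffic to move.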