30th September 2011
ocicat
Join Date: Apr 2008
Posts: 3,287

Originally Posted by CyberJet
Can you please explain how to set the sysctl net.inet.ip.multipath=1 with the dollar sign. I have this enabled on sysctl.conf and set to 1 but I don't understand the $.
The dollar sign denotes a user account's shell prompt. This is to be distinguished from the hash or pound sign which denotes the root account. The difference between '$' and '#' is to point out whether the following command needs to be run as root (through sudo(8) or su(1)...) or whether a generic user account is sufficient.

As examples, to view how net.inet.ip.multipath is set, simply issue the following command from a user account:

$ sysctl net.inet.ip.multipath

In comparison, disk partitioning can only be viewed with root permission:

# disklabel wd0

In both of these examples, neither '$' nor '#' are typed at the shell prompt. They denote the shell prompt & necessary permissions.

This same convention is used throughout the official FAQ.
30th September 2011
CyberJet
Real Name: Ramon
BSD Student
Join Date: Feb 2009
Location: Miami FL
Posts: 98

Ok, I did this as root so I'm ok there. Thanks for the explanation.
30th September 2011
n4p1
New User
Join Date: Mar 2010
Posts: 9

Originally Posted by ai-danno
I seem to remember having a problem with a PPPOE adsl connection and it didn't work properly until I adjusted the MTU.
Yes, you are right. I had this issue some time ago.

But even leaving only two lines in pf.conf:
match on $ext_if1 scrub (max-mss 1440)
didn't make mpath work...

But there is good news... After reading tons of manuals, FAQs and forums I finally solved my problem with a simple reply-to statement in pf.conf. Everything is easy now and works perfectly!

So the simple solution for two ISPs (no load balancing, no fail-over) with one default route is reply-to.
Most important parts of pf.conf:

match on $ext_if1 scrub (max-mss 1440)

# Upload limit
altq on $ext_if1 priq bandwidth 500Kb queue {up_std, up_prio}
queue up_prio priority 7
queue up_std priority 1 priq(default)

# Default policy
block in log all
block out log all
set block-policy drop

# loopback
set skip on lo

pass out on $ext_if1 from to any nat-to ($ext_if1)

# Allow anything from the internal network out onto the Internet
pass in quick on $int_if proto tcp from $int_if:network to any

# --- SSH in
# WAN1
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 50022
# WAN2
pass in quick on $ext_if2 \
proto tcp from any to ($ext_if2) port 50022 \
reply-to ($ext_if2 $ext_gw2)
# --- SSH in

# --- WWW DMZ
# WAN1
pass in quick on $ext_if1 proto tcp from any to ($ext_if1) port 80 rdr-to port 80
# WAN2
pass in quick on $ext_if2 \
proto tcp from any to ($ext_if2) port 80 \
rdr-to port 80 \
reply-to ($ext_if2 $ext_gw2)
# INT_IF out
pass out quick on $int_if proto tcp from any to port 80
# --- WWW DMZ
Thank you all for help,
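An added example, not part of n4p1's post or of pf itself: a small Python lint for the setup described above, flagging `pass in` rules on the second WAN interface that have no `reply-to`, since with a single default route their replies would leave through the other ISP. The sample rules, interface names and addresses are constructed, the function names are hypothetical, and this is a line-based check rather than a full pf.conf parser.

```python
import re

# Constructed sample in the style of the post's rules. Interface names, the
# gateway and DMZ addresses, and the last rule (reply-to left out) are assumptions.
SAMPLE = r"""
ext_if1 = "em0"
ext_if2 = "em1"
ext_gw2 = "192.0.2.1"
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 50022
pass in quick on $ext_if2 \
    proto tcp from any to ($ext_if2) port 50022 \
    reply-to ($ext_if2 $ext_gw2)
# WWW via WAN2, written without reply-to
pass in quick on $ext_if2 proto tcp from any to ($ext_if2) port 80 rdr-to 10.0.0.80 port 80
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    lines = (line.split("#", 1)[0].strip() for line in joined.splitlines())
    return [line for line in lines if line]

def missing_reply_to(text, secondary_if):
    """Return expanded 'pass in' rules on secondary_if that have no reply-to."""
    macros, findings = {}, []
    for line in logical_lines(text):
        macro = re.match(r'(\w+)\s*=\s*"?([^"]*)"?$', line)
        if macro:
            # Remember macro definitions so $name can be expanded in later rules.
            macros[macro.group(1)] = macro.group(2)
            continue
        rule = re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), line)
        tokens = rule.split()
        # Only inbound pass rules that name an interface after "on" are checked.
        if tokens[:2] != ["pass", "in"] or "on" not in tokens[:-1]:
            continue
        if tokens[tokens.index("on") + 1] == secondary_if and "reply-to" not in tokens:
            findings.append(" ".join(tokens))
    return findings

if __name__ == "__main__":
    for rule in missing_reply_to(SAMPLE, "em1"):
        print("no reply-to:", rule)
```

Pass the interface that does not carry the default route as `secondary_if`; rules on the default-route interface are ignored because their replies already follow the default route.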