Quote:
As examples, to view how net.inet.ip.multipath is set, simply issue the following command from a user account:
$ sysctl net.inet.ip.multipath
In comparison, disk partitioning can only be viewed with root permission:
# disklabel wd0
In both of these examples, neither '$' nor '#' are typed at the shell prompt. They denote the shell prompt & necessary permissions. This same convention is used throughout the official FAQ.
Quote:
But even leaving only two lines in pf.conf:
Code:
ext_if1="pppoe0"
match on $ext_if1 scrub (max-mss 1440)

But there is good news... After reading tons of manuals, FAQs and forums I finally solved my problem with a simple reply-to statement in pf.conf. Everything is easy now and works perfectly! So the simple solution for two ISPs (no load balancing, no fail-over) with one default route is reply-to. The most important parts of pf.conf:
Code:
ext_if1="pppoe0"
ext_gw1="xxxxxxx"
ext_if2="em0"
ext_gw2="xxxxxxx"
int_if="fxp0"

# MTU
match on $ext_if1 scrub (max-mss 1440)

# Upload limit
altq on $ext_if1 priq bandwidth 500Kb queue {up_std, up_prio}
queue up_prio priority 7
queue up_std priority 1 priq(default)

# Default policy
block in log all
block out log all
set block-policy drop

# loopback
set skip on lo

# NAT
pass out on $ext_if1 from 192.168.1.0/24 to any nat-to ($ext_if1)

# Allow anything from the internal network out onto the Internet
pass in quick on $int_if proto tcp from $int_if:network to any

# --- SSH in
# WAN1
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 50022
# WAN2
pass in quick on $ext_if2 \
        proto tcp from any to ($ext_if2) port 50022 \
        reply-to ($ext_if2 $ext_gw2)
# --- SSH in

# --- WWW DMZ
# WAN1
pass in quick on $ext_if1 proto tcp from any to ($ext_if1) port 80 rdr-to 192.168.1.50 port 80
# WAN2
pass in quick on $ext_if2 \
        proto tcp from any to ($ext_if2) port 80 \
        rdr-to 192.168.1.50 port 80 \
        reply-to ($ext_if2 $ext_gw2)
# INT_IF out
pass out quick on $int_if proto tcp from any to 192.168.1.50 port 80
# --- WWW DMZ

Regards.
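A check for the setup described in the post above, as an added example that is not part of the original thread: it lists inbound `pass` rules on the second WAN macro that lack `reply-to`, since replies to those connections would follow the single default route out the other ISP. The function name, the sample rules and the 192.0.2.1 gateway are constructed, and only the single-macro `on $ext_if2` form used in the post is handled.

```sh
#!/bin/sh
# Added example, not from the thread. Lints a pf.conf for inbound pass
# rules on a secondary WAN macro that are missing reply-to.

# missing_reply_to MACRO FILE   (FILE may be - for stdin)
# Prints every "pass in ... on MACRO" rule without reply-to.
# Exit status is 1 when at least one such rule is found.
missing_reply_to() {
    awk -v ifc="$1" '
        { sub(/#.*/, ""); sub(/[ \t]+$/, "") }  # drop comments, trailing blanks
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }  # join continuations
        {
            rule = buf $0; buf = ""
            gsub(/[ \t]+/, " ", rule); sub(/^ /, "", rule)
            if (rule !~ /^pass in /) next                   # inbound pass only
            if (index(rule " ", " on " ifc " ") == 0) next  # other interface
            if (rule ~ / reply-to /) next                   # already pinned
            print rule; bad = 1
        }
        END { exit bad + 0 }
    ' "$2"
}

# Constructed sample: the WAN2 SSH rule has reply-to, the WAN2 HTTP rule
# does not. 192.0.2.1 is a documentation address, not a real gateway.
sample_conf() {
    cat <<'EOF'
ext_if1="pppoe0"
ext_if2="em0"
ext_gw2="192.0.2.1"
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 50022
# WAN2
pass in quick on $ext_if2 \
    proto tcp from any to ($ext_if2) port 50022 \
    reply-to ($ext_if2 $ext_gw2)
pass in quick on $ext_if2 \
    proto tcp from any to ($ext_if2) port 80 \
    rdr-to 192.168.1.50 port 80
EOF
}

sample_conf | missing_reply_to '$ext_if2' - ||
    echo "the rules listed above have no reply-to"
```

Against a real ruleset, pass the file path instead of `-`, for example `missing_reply_to '$ext_if2' /etc/pf.conf`.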