Re: pf question

[Jimmy Johansson <jimmy%Update.UU.SE@localhost>]

On Sat, May 18, 2013 at 12:35:27AM +0200, Konrad Neuwirth wrote:
> Hello, 
> 
> we are currently struggling with a pf configuration that we can't seem to get 
> working. 
> 
> Basically, the challenge is that we have a NetBSD system acting as a router 
> for a largish network. Said system has two upstream nodes ('default routes') 
> that apply, depending on the ip address that we use. Basically, we have one 
> broadband connection that should be used for most every (outgoing) traffic. 
> The exception is that the second upstream handles a subnet that we have here, 
> and all traffic to and from those addresses should, of course, be going over 
> that second link. 
> 
> What we've done is added the broadband as the default route, and then had a 
> pf rule to the effect of: 
> 
> pass out route-to ($ext_if_dsl $dsl_gw) proto tcp from $fixed_ip to any
> 
> But this does not work -- the packets just do not go out over the appropriate 
> interface. Connecting to something on one of those IP numbers just ? has a 
> connection that times out. 
> 
> What am I missing? What do we need to do? 

The pf rules only says where traffic is allowed to go, it does not
affect routing. Have you added a static route for the traffic to the
subnet? See route.conf(5).

Regards,

Jimmy
-- 
If you don't shoot the bearers of bad news, people will keep bringing it to you.