02-16-2008, 05:23 AM
niels
Re: Multiple internet connection routing

Pixel K wrote:

> [...]
>
>>Have you considered the "tagging" feature of pf. Tag incoming packets
>>from the DSL soho and rdr tagged packets back to the ip of the dsl soho.
>>Look for it here:
>>http://www.openbsd.org/faq/pf/tagging.html
>>
>>Hope this helps
>>
>>Niels
>
> The tag is only set on the packet, not on the session. If I tag an incoming
> request, the server response won't be tagged, and won't be recognised by pf.
>
> So far I receive my packets well, but they don't seem to come back.
> I'll try to be more explicit
>
> - Bob tries to connect to my DSL connection
> - The soho router behind the DSL modem redirects Bob's packet to my OpenBSD
> server
> - OpenBSD receives Bob's Packet ( I can see it with a tcpdump ) and tries to
> answer
> - I _think_ that OpenBSD tries to answer using its default route which is
> the CABLE connection
> - I _think_ that Bob waits forever for a response from the DSL connection
> and discards the answers gotten from the CABLE connection.
>
> I know there are a bit too many assumptions here; if you could help/clarify
> it for me, you're welcome.
> I'm unsuccessful with PF so far.
>
> my current settings (changed a bit since last time):
>
> Cable router at 192.168.0.1
> DSL router at 192.168.0.128
> OpenBSD at 192.168.0.5 with default route 192.168.0.128
> and an IP alias of 192.168.0.6
>
> DSL router redirects its traffic to 192.168.0.5
> Cable router redirects its traffic to 192.168.0.6
>
> pass out log on $my_only_if route-to ($my_only_if 192.168.0.1) from
> 192.168.0.6 to !192.168.0.0/24


If I understand correctly, your setup is as follows:

             (192.168.0.1)    (192.168.0.5)      (192.168.0.0/24)
internet >>> Cable router >>> OpenBSD server >>> internal network
                                    ^
                             (192.168.0.128)
                               DSL router
                                    ^
                                    ^
internet >>>>>>>>>>>>>>>>>>>>>>>>>>>>

What you want is SSH from the internet into the OpenBSD server over both
the DSL connection and the Cable connection?

I think you will make things a lot easier by using two NICs on your
OpenBSD machine.
By using two NICs to separate the traffic from the cable router
and the traffic from the DSL router, you could use the 'route-to' directive
to couple traffic from one interface to one gateway and the traffic on
the other to the second gateway.

Setup:
             (192.168.0.1)    (192.168.0.5)      (192.168.0.0/24)
internet >>> Cable router >>> OpenBSD server >>> internal network
                              (192.168.0.6)
                                    ^
                             (192.168.0.128)
                               DSL router
                                    ^
                                    ^
internet >>>>>>>>>>>>>>>>>>>>>>>>>>>>

Now what you put in your pf.conf is:

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \
to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \
to any

Finally, NAT can also be used on each outgoing interface:

nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

For more on this see http://openbsd.org/faq/pf/pools.html#outgoing

It might be possible to use one and the same NIC by using two IP aliases
and referencing them in your pf.conf not by interface ($ext_if1 and
$ext_if2) but by IP address. Just experiment and see if that works.

Hope this was more of a help,

Niels
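The rules above assembled into one complete pf.conf for the two-NIC layout, as an added example that is not from the thread (OpenBSD 4.x pf syntax of the era: nat rules, state kept by default). Interface names, the LAN macros and the SSH rules are assumptions; it also goes beyond the post by using reply-to on the inbound SSH rules, because replies to an inbound connection match the state created by the pass in rule and are never evaluated against the pass out route-to rules.

```pf
# Added example, not Niels's own configuration. Interface names, $lan_if and
# $lan_net are assumed (constructed); the gateway addresses are the ones from
# the thread.
ext_if1 = "em0"            # NIC facing the cable router
ext_gw1 = "192.168.0.1"    # cable router
ext_if2 = "em1"            # NIC facing the DSL router
ext_gw2 = "192.168.0.128"  # DSL router
lan_if  = "em2"            # assumed internal NIC
lan_net = "10.0.0.0/24"    # assumed internal network (constructed)

set skip on lo

# Translation rules come before filter rules in 4.x syntax:
# NAT LAN traffic to the address of whichever link it leaves on.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

block in log

# Inbound SSH on each link. reply-to pins the replies of that connection to
# the gateway the request arrived through, so Bob on the DSL side never sees
# the answers leave via the cable default route.
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp \
    from any to ($ext_if1) port ssh
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp \
    from any to ($ext_if2) port ssh

pass in on $lan_if from $lan_net to any

# Traffic the server itself originates with one link's address must leave by
# that link's gateway even when the kernel default route points the other way
# (Niels's route-to rules), plus plain pass out rules for the matching link.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from ($ext_if2) to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from ($ext_if1) to any
pass out on $ext_if1 from ($ext_if1) to any
pass out on $ext_if2 from ($ext_if2) to any
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then watch `tcpdump -n -e -ttt -i pflog0` on the DSL-facing NIC to confirm the SSH replies leave through 192.168.0.128.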