[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PF anchors

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: PF anchors
From: Gaby vanhegan <gaby_(_at_)_vanhegan_(_dot_)_net>
Date: Wed, 9 Feb 2005 16:11:04 +0000

To the PF gurus,

Following on from a previous email which I think was too wordy for most people to bother reading... :)

I have 2 internet connections at home, and run some servers and desktop machines on my home network. What I want is failover from one line to the other, in the event of one line going down. I want to use pf as we have lots of interesting port forwarding to do. My plan is to have this in pf.conf:

load anchor if_defs from /etc/pf.conf.if-switch

nat on $ext_if_adsl  from $int_net to any -> ($ext_if_adsl)
nat on $ext_if_cable from $int_net to any -> ($ext_if_cable)

pass out all from $int_net_servers to any route-to $ext_if_adsl
pass out all from $int_net_dekstops to any route-to $ext_if_cable

.. outbound rules, etc...

Then in /etc/pf.conf.if-switch:

$ext_if_adsl=xl0;
$ext_if_cable=xl1;

Which gets adjusted by another monitoring script in the event of either cable or ADSL lines going down to:

$ext_if_adsl=xl1;
$ext_if_cable=xl1;

or

$ext_if_adsl=xl0;
$ext_if_cable=xl0;

Is this going to work? Will these macros make it into the main ruleset and perform the failover I'm after?

Gaby

--
Uganda Maximum - Enemy of the English Thrust
gaby_(_at_)_vanhegan_(_dot_)_net
http://weblog.vanhegan.net

Prev by Date: Re: pf do not load on snapshot 20050106
Next by Date: Re: Logging when max-src-states hit
Previous by thread: dhcpd's "filename" statement
Next by thread: pf.conf macro help needed
Index(es):
- Date
- Thread

Visit your host, monkey.org