From: Andreas Forsgren (andreas.forsgrendirect2internet.com)
Date: Mon Jun 10 2002 - 07:27:53 CDT


    Odd,

    I have the exact same problem here. Somehow I got it to work for a day or
    two, but then it suddenly stopped. The problem is that incoming packages
    arrive on tl0, then get sent out on xl0 instead.

    Jun 10 13:20:19.413185 rule 119/0(match): pass in on tl0: x.x.x.x >
            y.y.y.y: icmp: echo request (DF)

    Jun 10 13:20:19.413274 rule 125/0(match): pass out on xl0: y.y.y.y >
            x.x.x.x: icmp: echo reply (DF)

    And no, I'd rather not go with Linux... please :)

    Regards,
    Andreas

    On Mon, 10 Jun 2002, Ramin Alidousti wrote:

    > That's why I told you to go with Linux. Linux has this thing called
    > "advance routing" with which these kinds of concepts are possible.
    > I doubt that any bsd implementation does this for you ;-)
    >
    > Ramin
    >
    > On Mon, Jun 10, 2002 at 01:13:24PM +0200, Koen Maes wrote:
    >
    > > Hi,
    > >
    > > My problem:
    > >
    > > -ext0 x1.y1.z1.w1->
    > > -------------------OpenBSD 3.1. -->int0 10.0.1.x
    > > -ext1 x2.y2.z2.w2->
    > >
    > > * Two external interfaces connected to Internet: ext0 and ext1
    > > * One internal interface connected to LAN : int0
    > >
    > > Nat to give access from Lan to internet : OK
    > > I want to be able to have a primary MX with port forwarding from ext0
    > > to point to internal mail server, and a secondary MX with port
    > > forwarding from ext1 to point to the same internal mail server. I use
    > > 'rdr' in nat.conf for this.
    > >
    > > BUT:
    > > * ext0 has gateway x1.w1.y1.V1
    > > * ext1 has gateway x2.w2.y2.V2
    > > If I define the gateway of ext0 as my default route then the mail works
    > > for ext0 but ext1 doesn't (timeout, no connection)
    > > And if I define the gateway of ext1 as my default route then mail only
    > > works using ext1 but not for ext0 (same prob)
    > >
    > > Question:
    > > How do I tell the box to route the incoming connections back to where
    > > they originated ??? I already tried adding additional routes for the
    > > external ip of ext0 and ext1 but it doesn't make sense and it doesn't work !
    > > I think I should use the "dest dest_addr" in the hostname.ext0 and
    > > hostname.ext1 files but I don't find much info on how this works. I
    > > clearly have a routing problem and I am looking for clues on how to
    > > solve this....
    > >
    > > Any help welcome.. thx in advance.
    > >
    > > Koen
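
The symptom reported in this thread (a reply leaving on a different interface than the request arrived on) can be picked out of pf log output mechanically. The following is an added example, not part of the original messages: the log text is constructed with documentation-range addresses, and the function name and the assumption that wrapped continuation lines start with whitespace belong to this example.

```python
import re
from collections import namedtuple

# Constructed sample in the log format quoted in the message above.
# Addresses are documentation-range placeholders; tl0/xl0 are from the post.
SAMPLE_LOG = """\
Jun 10 13:20:19.413185 rule 119/0(match): pass in on tl0: 192.0.2.10 >
        198.51.100.5: icmp: echo request (DF)
Jun 10 13:20:19.413274 rule 125/0(match): pass out on xl0: 198.51.100.5 >
        192.0.2.10: icmp: echo reply (DF)
Jun 10 13:20:21.100000 rule 119/0(match): pass in on xl0: 192.0.2.77 > 203.0.113.9: icmp: echo request (DF)
Jun 10 13:20:21.100090 rule 125/0(match): pass out on xl0: 203.0.113.9 > 192.0.2.77: icmp: echo reply (DF)
"""

# One log entry: rule number, action, direction, interface, source, destination.
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>pass|block) (?P<dir>in|out) on "
    r"(?P<ifname>\w+): (?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):"
)

Asymmetry = namedtuple("Asymmetry", "peer local in_if out_if")

def find_asymmetric_replies(log_text):
    """Return flows whose reply left on a different interface than the request came in on."""
    text = re.sub(r"\n[ \t]+", " ", log_text)  # rejoin wrapped entries
    ingress = {}    # (peer, local) -> interface the inbound packet arrived on
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "pass":
            continue
        if m["dir"] == "in":
            ingress[(m["src"], m["dst"])] = m["ifname"]
        else:
            key = (m["dst"], m["src"])  # outbound reply: source and destination swap
            in_if = ingress.get(key)
            if in_if and in_if != m["ifname"]:
                findings.append(Asymmetry(key[0], key[1], in_if, m["ifname"]))
    return findings

if __name__ == "__main__":
    for f in find_asymmetric_replies(SAMPLE_LOG):
        print(f"{f.peer} -> {f.local}: in on {f.in_if}, reply out on {f.out_if}")
```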