On 11/30/18 8:31 PM, Chris Bennett wrote:
> I'm just curious. Is there a default method to select on this? Random?
> Can I control this somehow?
> It's clear how everything else selects IP, but I just wanted to know in
> case that ever mattered, say one of my IPs were blocked.
> And I wanted to be sure which IP outbound is or is not used for running
> something like lynx, etc.
>
> Not terribly important, but at least interesting question for me.
>
> Thanks,
> Chris Bennett
>
>
If you say 'outbound IP', I am guessing you mean your WAN-facing public address.
There are several ways to do this....
The first would be to use a NAT Pool. This would effectively pop all
your public addresses into a selectable group:
eg. { 1.1.1.1 , 2.2.2.2 , 3.3.3.3 , 4.4.4.4 }
Depending on the pool configuration i.e. if there was any weighting put
on for IP selection or it would simply use a round-robin type of selection.
https://www.openbsd.org/faq/pf/nat.html
https://www.openbsd.org/faq/pf/example1.html
Another method would be to set up a static route. So in the above example
with NAT pool you could simply say something like:
IP 172.16.40.52 -> 1.1.1.1
So your PF rule would then be something like:
match out on $ext_if from 172.16.40.52 to any nat-to {1.1.1.1}
The weighted option or a load balanced option would have something like
this:
https://www.openbsd.org/faq/pf/pools.html
Regards,
Kaya
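
The two approaches from the reply above, side by side in one pf.conf fragment. This is an added example, not part of the original thread or of Kaya's configuration; the interface name `em0`, the `172.16.40.0/24` LAN range and the `192.0.2.x` documentation addresses are assumptions standing in for real values.

```conf
# Constructed values: replace with your own interface and addresses.
ext_if   = "em0"
lan      = "172.16.40.0/24"
pinned   = "172.16.40.52"
nat_pool = "{ 192.0.2.1, 192.0.2.2, 192.0.2.3, 192.0.2.4 }"

# Fixed mapping: this one host always leaves from the same public
# address. "quick" stops rule evaluation here, so the pool rule
# below never applies to it.
pass out quick on $ext_if inet from $pinned to any nat-to 192.0.2.1

# Pool: every other LAN host is translated to one of the pool
# addresses. round-robin cycles through them in order;
# sticky-address keeps a given internal source on the same
# translated address for as long as it has active states, so one
# client does not appear to a remote server from several addresses
# at once.
pass out on $ext_if inet from $lan to any nat-to $nat_pool round-robin sticky-address
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -ss` lists the active states, including the translated address each connection is using.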