Thanks Stuart!
On 3/28/23 16:19, Stuart Henderson wrote:
> On 2023-03-28, Kaya Saman <kayasaman@gmail.com> wrote:
>> On my WAN vlan for what I am going to call ISP-B, as ISP-A is existing
>> for a long time. What I'm trying to do right now is set this as a
>> default gateway for a particular subnet.
> There's no such thing as "default gateway for a subnet".
>
> One way to do what you want is with PF "route-to" rules applying only
> to packets with a source address in the subnet of interest (and likewise
> for "reply-to" to handle incoming connections, maybe in conjunction with
> rdr-to). This is a little messier config, but if the old setup will be
> going away after not too long, it might be easier to handle.
>
> Another way is to use multiple route tables (put the relevant interfaces
> in a different rdomain, e.g. "rdomain 2" in the hostname.if files, and
> use "-T 2" when adding routes relating to that); this is cleaner/simpler
> in some ways, though it can also be more tricky if you're running any
> services on the router itself (you may need to run a second instance
> bound to the second rdomain).
My mind has Cisco Route-Map pre-programmed in I think :-(
I am looking at rdomains now, which might be the solution.
In addition to the OpenBSD FAQ and MAN pages I found this website too:
https://unfriendlygrinch.info/posts/openbsd-routing-tables-and-routing-domains/
of course taking it with a pinch of salt as the content hosted on
openbsd.org is the correct one ;-)
Also going through this:
https://www.openbsd.org/papers/bsdcan2015-rdomains.pdf - I know an old
paper and probably much has changed in the meantime.
Anyway, what I am trying to figure out is how to NAT the rdomains?
At the moment from what I understand one has to put "rtable (n)" at the
end of the NAT rule... checking with pfctl -ss |grep x.x.x.x does not
show any NAT translations unfortunately.
The rule in use is this one:
match out on $gnet_if from $vpn_net1 nat-to {$wan_gnet} rtable 2
I'm a little bit stuck here. I even tried replacing the $gnet_if with
"rdomain 2" but that didn't seem to work either.
Guess I've got more reading to do....
>
>> https://misc.openbsd.narkive.com/lCGUlP2Q/two-default-route
>>
>> I think the above was more to do with using 2x default routes in a
>> multipath setup rather than simply trying to get one particular subnet
>> to use another ISP specifically.
> multipath is not what you're looking for here
>
>> Also one last note: I'm not using the /etc/mygate at all.... it was my
>> understanding that when building a router you didn't need it and
>> certainly for now I have never needed it with the VDSL2 link from ISP-A.
> that's ok, your default route is over pppoe which you can't do via /etc/mygate.
>
>
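The following pf.conf fragment is an added illustration of the first approach Stuart describes (PF route-to for packets sourced from one subnet, plus reply-to on the ISP-B interface so inbound connections answer the same way); it is not from the thread and not from the OpenBSD documentation. Every interface name, macro, table and address is an assumption chosen for the example: vlan10 as the LAN interface, vlan20 as the ISP-B WAN VLAN, 203.0.113.1 as ISP-B's next hop (an RFC 5737 documentation address) and 10.20.0.0/24 as the subnet that should leave via ISP-B. It deliberately does not show the rdomain/rtable variant, since the thread does not settle a working NAT rule for that case.

```pf
# Added example, not the poster's config: send one LAN subnet out ISP-B with
# PF policy routing while the default route stays on ISP-A.
# All names and addresses below are assumptions; substitute your own.
lan_if   = "vlan10"          # assumed LAN-side interface
ispb_if  = "vlan20"          # assumed WAN VLAN for ISP-B
ispb_gw  = "203.0.113.1"     # assumed ISP-B next hop (documentation address)
subnet_b = "10.20.0.0/24"    # assumed subnet that must use ISP-B

# Locally attached networks; traffic between them must not be pushed to ISP-B.
# A table is used because PF does not allow "!" in front of an address list.
table <local_nets> const { 10.10.0.0/24, 10.20.0.0/24 }

# NAT subnet_b to ISP-B's interface address when it leaves on that interface.
# Parentheses make PF re-read the address if the WAN side is dynamic.
match out on $ispb_if from $subnet_b nat-to ($ispb_if)

# Outbound: packets from subnet_b entering on the LAN interface, bound for
# anything that is not a local network, are handed to ISP-B's gateway
# instead of following the default route.
pass in on $lan_if from $subnet_b to !<local_nets> route-to $ispb_gw

# Inbound: connections arriving on ISP-B (e.g. after an rdr-to) must answer
# through ISP-B's gateway, otherwise the replies leave via the default route.
pass in on $ispb_if reply-to $ispb_gw

pass out on $ispb_if
```

Load it with `pfctl -nf /etc/pf.conf` first, which only parses the file, then check as in the thread with `pfctl -ss | grep 10.20.0` (the nat-to translation shows up on the state entry) and `pfctl -sr` to confirm the route-to and reply-to rules were installed as written.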