Cannot access from internet on 2nd ISP

[ocicat]

Quote:

Originally Posted by CyberJet

Can you please explain how to set the sysctl net.inet.ip.multipath=1with the dollar sign. I have this enabled on sysctl.conf and set to 1 but I don't understand the $.

The dollar sign denotes a user account's shell prompt. This is to be distinguished from the hash or pound sign which which denotes the root account. The difference between '$' and '#' are to point out whether the following command needs to be run as root (through sudo(8) or su(1)...) or whether a generic user account is sufficient.

As examples, to view how net.inet.ip.multipath is set, simply issue the following command from a user account:

$ sysctl net.inet.ip.multipath

In comparison, disk partitioning can only be viewed with root permission:

# disklabel wd0

In both of these examples, neither '$' nor '#' are typed at the shell prompt. They denote the shell prompt & necessary permissions.

This same convention is used throughout the official FAQ.

[CyberJet]

Ok, I did this as root so I'm ok there. Thanks for the explanation.

[n4p1]

Quote:

Originally Posted by ai-danno

I seem to remember having a problem with a PPPOE adsl connection and it didn't work properly until I adjusted the MTU.

Yes, you right. I had this issue sometime ago.

But even leaving only two lines in pf.conf:

Code:

ext_if1="pppoe0"
match on $ext_if1 scrub (max-mss 1440)

didint make mpath working...

But there is a good news... After reading tons of manuals, faq and forums i finally solve my problem by simple reply-to statement in pf.conf. Everything is easy now and works perfect!

So simple solution for two ISP (no load balancing, no fail-over) with one default route is reply-to .
Most important parts of pf.conf:

Code:

ext_if1="pppoe0"
ext_gw1="xxxxxxx"
ext_if2="em0"
ext_gw2="xxxxxxx"
int_if="fxp0"

# MTU
match on $ext_if1 scrub (max-mss 1440)

# Upload limit
altq on $ext_if1 priq bandwidth 500Kb queue {up_std, up_prio}
queue up_prio priority 7
queue up_std priority 1 priq(default)

# Default policy
block in log all
block out log all
set block-policy drop

# loopback
set skip on lo

# NAT
pass out on $ext_if1 from 192.168.1.0/24 to any nat-to ($ext_if1)

# Allow anything from the internal network out onto the Internet
pass in quick on $int_if proto tcp from $int_if:network to any

# --- SSH in
# WAN1
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 50022
# WAN2
pass in quick on $ext_if2 \
proto tcp from any to ($ext_if2) port 50022 \
reply-to ($ext_if2 $ext_gw2)
# --- SSH in

# --- WWW DMZ
# WAN1
pass in quick on $ext_if1 proto tcp from any to ($ext_if1) port 80 rdr-to 192.168.1.50 port 80
# WAN2
pass in quick on $ext_if2 \
proto tcp from any to ($ext_if2) port 80 \
rdr-to 192.168.1.50 port 80 \
reply-to ($ext_if2 $ext_gw2)
# INT_IF out
pass out quick on $int_if proto tcp from any to 192.168.1.50 port 80
# --- WWW DMZ

Thank you all for help,
Regards.