[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dup-to to multiple next-hops?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: Dup-to to multiple next-hops?
From: James Kilton <kilton9_(_at_)_yahoo_(_dot_)_com>
Date: Mon, 3 Feb 2003 10:16:16 -0800 (PST)

Someone kindly emailed me informing me that the
default man page view on the website is the current
release, so that's why I was seeing the differences in
syntax.

So with that in mind, it appears to me based on the
man page that dup'ing to multiple interfaces is
possible in -current. I installed the latest snapshot,
but either I can't get the syntax right or the
functionality doesn't work yet.  This is what I'm
trying:

pass in quick on fxp0 dup-to ( { fxp1 1.1.1.1, fxp3
2.2.2.1 } ) from any to any

pfctl gives a syntax error whenever it hits this line.
 I've tried every possible syntax change I can think
of based on the man page: without the IP addresses,
without spaces in various places, using route-to
instead of dup-to, etc.  But, no luck so far.

Does anyone have any suggestions?  Or is this new
feature not functional yet?

Another thing that's strange (it doesn't really
matter, though it could be related to the above
problem I suppose) is that I can't just use an
interface name even when dup'ing to a single interface
-- it doesn't load unless I also include the
interface's IP address.  The man page leads me to
believe that just the interface name should work.

Thanks,
James

--- James Kilton <kilton9_(_at_)_yahoo_(_dot_)_com> wrote:
> Is it possible to dup-to a packet to multiple next
> hops whenever it matches a PF rule?  I noticed some
> syntax for this in the pf.conf manage on the
> website:
> 
> route          = fastroute |
>                       ( route-to | reply-to | dup-to
> )
>                       ( routehost | { routehost-list
> }
> )
>                       [ pooltype ]
> 
> But this differs from the pf.conf manpage that comes
> with 3.2 (which doesn't contain anything about
> routehost-list).  I tried it anyway on a 3.2
> machine,
> but it didn't seem to like the syntax.  We'd like to
> dup traffic to multiple firewalls in a test
> environment.
> 
> Thanks.
> Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> http://mailplus.yahoo.com
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Follow-Ups:
- Re: Dup-to to multiple next-hops?
  - From: Henning Brauer

Prev by Date: slow NFS
Next by Date: Re: slow NFS
Previous by thread: Re: slow NFS
Next by thread: Re: Dup-to to multiple next-hops?
Index(es):
- Date
- Thread

Visit your host, monkey.org