From owner-freebsd-questions@FreeBSD.ORG  Sat Apr 23 14:26:48 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 34E3F16A4CE
	for <freebsd-questions@freebsd.org>;
	Sat, 23 Apr 2005 14:26:48 +0000 (GMT)
Received: from mail27.sea5.speakeasy.net (mail27.sea5.speakeasy.net
	[69.17.117.29])	by mx1.FreeBSD.org (Postfix) with ESMTP id F23AA43D49
	for <freebsd-questions@freebsd.org>;
	Sat, 23 Apr 2005 14:26:47 +0000 (GMT)
	(envelope-from omniBSD@speakeasy.net)
Received: (qmail 28633 invoked from network); 23 Apr 2005 14:26:47 -0000
Received: from acute.anhedonia.com (HELO [10.20.30.10]) (omni@[66.93.24.213])
          (envelope-sender <omniBSD@speakeasy.net>)
          by mail27.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
          for <alcr@inbox.ru>; 23 Apr 2005 14:26:47 -0000
Message-ID: <426A5BF8.10505@speakeasy.net>
Date: Sat, 23 Apr 2005 09:30:16 -0500
From: Ash <omniBSD@speakeasy.net>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US;
	rv:1.7.2) Gecko/20041104 Netscape/7.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Alexandr Lookoshkoff <alcr@inbox.ru>
References: <141232174.20050422120552@inbox.ru>
In-Reply-To: <141232174.20050422120552@inbox.ru>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
Subject: Re: Two natd daemons
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Apr 2005 14:26:48 -0000

Alexandr Lookoshkoff wrote:
> Hello freebsd-questions,
> 
>   I have gateway with two external links and want to some users using
>   second link. How it can be done?
> 
>   Is it possible via two copyes of natd running?
> 

What you are asking involves making a routing decision based on the 
source IP (sometimes called Policy Based Routing or Source Based 
Routing, depending on the vendor). IP Routing decisions are typically 
based on the destination address, not the source. What you want is some 
mechanism that will make route decisions based on the source address 
(i.e. packets with a source address from network A get routed out of 
interface 1 to gateway 1, while packets from  Network B get routed out 
of interface 2 to gateway 2).

I haven't used ipfw/natd in years, so I honestly don't know if natd/ipfw 
will allow you to do what you want. However, I do know that Packet 
Filter (pf(4) ported over to FreeBSD from OpenBSD) will allow you to do 
this. Check out pf.conf(5)'s man page and do a search for "route-to". 
You might want to check out Peter N. M. Hansteen's "Firewalling with 
with OpenBSD's PF packet filter":

http://www.bgnett.no/~peter/pf/en/long-firewall.html

As well as the official user's guide:

ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.txt


Good luck to you,
-Ash