Date: Thu, 15 Nov 2001 21:04:25 -0700
From: "Jamie Hermans" <freebsd@hermans.ca>
To: "'Blake Crosby'" <dev@samurai.com>, <freebsd-isp@freebsd.org>
Subject: RE: Source Based Routing
Message-ID: <000001c16e53$c79e0f10$6420a8c0@otidan>
In-Reply-To: <5.1.0.14.2.20011115002937.02913920@home.samurai.com>

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Blake Crosby
> Sent: November 14, 2001 10:31 pm
> To: freebsd-isp@freebsd.org
> Subject: Source Based Routing
>
> How can I make packets for a TCP connection from the
> DSL IP, go out the DSL interface, no matter what the
> IP of the other end of the TCP connection is?

I used to have a similar situation ... this is a stripped down
version of my /etc/rc.firewall at the time:

# Setup system for firewall service.
fwcmd="/sbin/ipfw -q"
# Flush out the list before we begin.
${fwcmd} -f flush
# Interface to nat
nat="ep0"
# Only in rare cases do you want to change these rules
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
# Outside (cable) interface IP configuration
oifc="ep0"
oipc=`/sbin/ifconfig ${oifc} | /usr/bin/awk '/inet / { print $2 }'`
obcc=`/sbin/ifconfig ${oifc} | /usr/bin/awk '/inet / { print $6 }'`
omaskc=`/sbin/ifconfig ${oifc} | /usr/bin/awk '/inet / { print $4 }'`
# Outside (dsl) interface IP configuration
oifd="ed0"
oipd="xxx.xxx.xxx.xxx"
obcd="xxx.xxx.xxx.255"
omaskd="255.255.255.0"
onetd="xxx.xxx.xxx.0"
ogwd="xxx.xxx.xxx.xxx"
# Inside (private) interface IP configuration
iif="fxp0"
iip="192.xxx.xx.1"
ibc="192.xxx.xx.255"
imask="255.255.255.0"
inet="192.xxx.xx.0"
igw="192.xxx.xx.1"
# Packet shuffling for dual-homed connection
${fwcmd} add fwd ${ogwd} ip from ${oipd} to any
# Network Address Translation.
${fwcmd} add divert natd all from any to any via ${nat}
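
An added example, not part of the original e-mail: the script above runs ipfw with -q and takes interface addresses from awk, so an interface with no address yet (or with aliases) yields an empty or multi-line value and the fwd rule is silently never installed. The sketch below validates the values before building that rule; the function names and the 203.0.113.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `ifconfig ed0` output with an alias address
# (documentation addresses; not taken from the original post).
sample_ifconfig() {
cat <<'EOF'
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
    inet 203.0.113.11 netmask 0xffffffff broadcast 203.0.113.11
    ether 00:00:5e:00:53:01
EOF
}

# first_inet FIELD: print FIELD from the first "inet " line only, so an
# alias does not turn the variable into a multi-line value.
first_inet() {
    awk -v f="$1" '/inet / { print $f; exit }'
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# build_fwd_rule SRC_IP GATEWAY: print the arguments of the post's
# "Packet shuffling" rule, or fail loudly instead of emitting a broken rule.
build_fwd_rule() {
    if ! is_ipv4 "$1" || ! is_ipv4 "$2"; then
        echo "refusing to build fwd rule: bad source '$1' or gateway '$2'" >&2
        return 1
    fi
    echo "add fwd $2 ip from $1 to any"
}

# Demonstration on the constructed sample; 203.0.113.1 is an assumed gateway.
oipd=$(sample_ifconfig | first_inet 2)
build_fwd_rule "$oipd" 203.0.113.1
```

In a real rc.firewall the printed arguments would be passed to ${fwcmd}, and a non-zero return from build_fwd_rule would abort the script rather than leave the ruleset partially loaded.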
