From owner-freebsd-questions@FreeBSD.ORG Sun Oct 19 17:31:20 2003
From: "Drew Tomlinson"
To: "Michael C. Cambria"
cc: FreeBSD Questions
Subject: Re: Is Port Based Routing Possible?
Date: Sun, 19 Oct 2003 17:31:13 -0700

----- Original Message -----
From: "Michael C. Cambria"
To: "Drew Tomlinson"
Sent: Sunday, October 19, 2003 4:03 PM

> Drew Tomlinson wrote:
> > Is there a way to route traffic based on port?  Basically, I want to have
> > all traffic on port 8080 use the rl0 interface for its gateway and all other
> > traffic use dc0.  Here is a diagram of my network.
>
> Are you using ipfw?  If so, on your FreeBSD 4.8 machine, an 'fwd' rule
> should let you send anything you want that matches the rule out the port
> you want.  (This is called "policy routing", where your policy bypasses
> the routing database and does what you explicitly tell it to for a given
> set of traffic.)

Thanks for your reply.  I'm adding my network diagram for the benefit of
those that might find this message outside the context of the thread.

        Internet
           |
        Public IP
           |
    ADSL Modem/Router
      192.168.10.1
           |
          dc0
      192.168.10.2
           |
        FBSD 4.8 --------- rl0
           |          192.168.100.2
          dc1               |
           |          192.168.100.1
      192.168.1.2     Neighbor's AP
           |                |
      Internal LAN      Public IP
           |                |
      192.168.1.3       Internet
      Media Server

I am using ipfw and I've tried 'fwd' with no success.  The nat processor
can only redirect packets to addresses on its own subnet so I set it to
forward to 192.168.100.2 (rl0).  A 'fwd' rule here forwards the packet to
192.168.1.3 but the destination address on the packet remains
192.168.100.2 and the media server ignores the packet.  Running natd with
a -redirect_port switch on the rl0 interface actually rewrites the
destination address to 192.168.1.3.  So this gets the packets processed by
the media server.

The default route on the gateway is 192.168.10.1 (which is my DSL router).
Thus packets from the media server go out dc0.  I have added a
'fwd 192.168.100.1 from 192.168.1.3 8080 to any' rule in ipfw but no
success.  I've also tried 192.168.100.2 but that didn't work either.  I'll
have to run tcpdump on the interface and see if I can tell exactly what's
going on.  I suspect that 'fwd' might alter the packet so nat doesn't
process it?  However, adding a static entry (route add 192.168.100.1) gets
the connection working.

> Of course, once out rl0, all machines "down stream" will have to do
> likewise unless their default route sends the packets on port 8080 to
> the right place.

After the packet leaves my FBSD gateway and is on my neighbor's network,
his Linksys router (192.168.100.1) should get it to the right place so I'm
OK there.

Thanks,

Drew
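
Added example (not part of the original message, and not FreeBSD code): a small Python model of the gateway in the diagram, contrasting an ipfw 'fwd' next-hop override with a natd -redirect_port destination rewrite, and the default route with a policy next hop for replies from port 8080. The client address 203.0.113.7, port 40000 and all function names are constructed for illustration; the reply policy shows only the intended effect of 'fwd' and does not model its interaction with natd on rl0.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Gateway routes taken from the diagram: (prefix, interface, gateway or None if on-link).
ROUTES = [
    ("192.168.1.0/24", "dc1", None),
    ("192.168.10.0/24", "dc0", None),
    ("192.168.100.0/24", "rl0", None),
    ("0.0.0.0/0", "dc0", "192.168.10.1"),  # default route via the DSL router
]

def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match; returns (interface, next hop)."""
    hits = [r for r in routes if ip_address(dst) in ip_network(r[0])]
    _, iface, gw = max(hits, key=lambda r: ip_network(r[0]).prefixlen)
    return iface, gw or dst

def ipfw_fwd(pkt, next_hop):
    """'fwd' overrides only the next hop; packet headers stay untouched."""
    return pkt, route_lookup(next_hop)[0], next_hop

def natd_redirect_port(pkt, ip, port):
    """natd -redirect_port rewrites the destination address and port."""
    return replace(pkt, dst=ip, dport=port)

def host_accepts(pkt, host_ip):
    """A non-forwarding host only processes packets addressed to itself."""
    return pkt.dst == host_ip

CLIENT = "203.0.113.7"  # constructed remote client (documentation range)
INBOUND = Packet(CLIENT, 40000, "192.168.100.2", 8080)

def inbound_via_fwd():
    pkt, iface, _ = ipfw_fwd(INBOUND, "192.168.1.3")
    return iface, host_accepts(pkt, "192.168.1.3")

def inbound_via_redirect():
    pkt = natd_redirect_port(INBOUND, "192.168.1.3", 8080)
    return route_lookup(pkt.dst)[0], host_accepts(pkt, "192.168.1.3")

def reply_egress(policy_next_hop=None):
    """Where a reply from the media server leaves the gateway (NAT not modeled)."""
    reply = Packet("192.168.1.3", 8080, CLIENT, 40000)
    if policy_next_hop and (reply.src, reply.sport) == ("192.168.1.3", 8080):
        return ipfw_fwd(reply, policy_next_hop)[1:]
    return route_lookup(reply.dst)
```

In this model both inbound paths deliver the packet on dc1, but only the rewritten one is accepted by 192.168.1.3; the reply follows the default route out dc0 unless a policy next hop of 192.168.100.1 is applied.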