From: "Walery Kokarev" <w65l76@gmail.com>
To: freebsd-net@freebsd.org
Date: Wed, 23 May 2007 17:26:31 +0400
Subject: NAT and forward
List-Id: Networking and TCP/IP with FreeBSD

For a long time we have had one internet provider, but now we have two. I have to put some of the traffic from one ISP to another judging by the user IP. At the same time certain users should still access the internet via the old ISP. So I decided to do it on our gateway:

1) translate the source IP address;
2) change the next-hop of traffic destined for the new ISP appropriately.

The default route is left intact and points to the old ISP.

By now I am doing it that way:

1) use "ipfw divert natd" to assign our address from the new ISP's pool;
2) use "ipfw fwd" for policy routing.

It works just fine, but this approach is inconvenient because the details of NAT are hidden. I cannot see what translations are active. And I cannot see the past:

- what was translated?
- how was it translated?
- when was it started and finished?
- how much traffic did it take?

The log (enabled by the -log option) doesn't give me much idea about what's going on. Actually it shows only aliasing statistics.

ipnat was another option, but I failed to figure out whether it is possible to change the next-hop address using ipf.

I am thinking about collecting packet headers using tcpdump instead of the log to analyze them later.

All that happens under FreeBSD 7.0-CURRENT-200702 i386.

So, roundup:

1) is it possible to change the next-hop using ipf?
2) is it possible to see what natd is doing?
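For readers of the archive, the "ipfw divert natd" plus "ipfw fwd" arrangement the message describes, written out as a rule set. This is an added illustration, not a configuration posted in the thread: the interface name, the new ISP's gateway, the address from the new ISP's pool, the divert port and the user range are constructed placeholders, and the functions only print the commands so they can be reviewed before being run on the gateway.

```sh
#!/bin/sh
# Constructed placeholders, not values from the thread.
EXT_IF="em0"                  # interface toward the upstream links (assumption)
NEW_ISP_GW="203.0.113.1"      # next-hop router of the new ISP
NEW_ISP_ADDR="203.0.113.10"   # our address from the new ISP's pool
NAT_PORT="8668"               # divert port natd listens on
USERS_VIA_NEW="192.0.2.0/28"  # LAN users that must leave via the new ISP

# Print the ipfw rules that push one user group through natd and then
# to the new ISP's next hop, leaving the default route toward the old ISP.
gen_rules() {
    # 1) Only the selected users leaving the gateway are diverted to natd,
    #    which rewrites their source address to NEW_ISP_ADDR.
    echo "ipfw add 100 divert ${NAT_PORT} ip from ${USERS_VIA_NEW} to any out via ${EXT_IF}"
    # 2) Replies addressed to NEW_ISP_ADDR must pass natd as well so the
    #    translation is undone before the packet reaches the LAN host.
    echo "ipfw add 110 divert ${NAT_PORT} ip from any to ${NEW_ISP_ADDR} in via ${EXT_IF}"
    # 3) natd re-injects the packet and ipfw continues at the next rule, so
    #    the already-translated source can be policy-routed. On FreeBSD 7
    #    "fwd" needs the IPFIREWALL_FORWARD kernel option.
    echo "ipfw add 120 fwd ${NEW_ISP_GW} ip from ${NEW_ISP_ADDR} to any out via ${EXT_IF}"
    # Everything else keeps the normal default route (old ISP).
    echo "ipfw add 130 allow ip from any to any"
}

# The matching natd invocation: -p selects the divert port, -a the alias
# address. natd(8) also accepts -v to stay in the foreground and print each
# packet alteration, which shows more than the -log statistics.
gen_natd_cmd() {
    echo "natd -p ${NAT_PORT} -a ${NEW_ISP_ADDR}"
}

gen_natd_cmd
gen_rules
```

Run the script on the gateway and pipe its output into sh once the printed rules match the intended traffic split.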