From: "Rudy Setiawan"
To: "Julian Elischer"
Cc: freebsd-ipfw@freebsd.org
Date: Fri, 3 Aug 2007 11:20:34 -0700
Subject: Re: redirect traffic based on destination port to another interface

On 8/2/07, Julian Elischer wrote:
> Rudy Setiawan wrote:
> > Hi,
> >
> > I am trying to do a traffic redirection based on destination port to
> > another interface/gateway.
> > Currently, I have a freebsd box that does simple NAT and an Internet connection.
> > I am planning to install another internet connection and use the same
> > box to do some traffic redirection.
> >
> >
> > INTERNET1 -------- freebsd box ------- INTERNET2
> >                         |
> >                         |
> >                 Local Area Network
> >
> > LAN = 192.168.10.0/24 with interface em0
> > INTERNET1-GW = x.x.x.1 with em1
> > INTERNET2-GW = y.y.y.1 with rl0
> >
> > My goal is to redirect any ssh traffic to INTERNET2-GW and I assume
> > that if it can be redirected through INTERNET2-GW then the packets
> > return will go through INTERNET2-GW also.
> >
>
> no, unless you first NAT the packets with the address of that interface.
> (otherwise the packets will come back through your primary network).
> if you have cheap dlink or linksys or whatever DSL routers or whatever with NAT
> on them then you can use that successfully and just use ipfw 'fwd' rules
> to select the interface to use.

I see, hmm, are you suggesting that the linksys should be placed
between the freebsd firewall and the internet? Then do ipfw fwd rules
in freebsd to select which interface to go to, and the linksys will do all
the NAT-ing for those packets respectively, right?

Thank you.

Regards,
Rudy

-- 
+++++++++
http://foodblog.rudal.com
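
The 'fwd' approach discussed in this thread, as an added example that is not part of the original messages: a small sh helper that prints (does not apply) ipfw rules sending chosen TCP destination ports from the LAN to the second gateway. The helper names, the rule numbers, and 203.0.113.1 (a constructed stand-in for INTERNET2-GW, y.y.y.1) are assumptions; as noted in the quoted reply, replies only return over the second link if the packets are NATed with that link's address, for example by the NAT router behind rl0.

```shell
#!/bin/sh
# Added example (hypothetical helper): print ipfw 'fwd' rules that
# policy-route selected TCP destination ports to a second gateway.
# Nothing is applied; review the output, then run it on the firewall.

# is_uint VALUE -> success if VALUE is a non-empty string of digits
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# valid_port PORT -> success if PORT is an integer in 1..65535
valid_port() {
    is_uint "$1" || return 1
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# fwd_rules LAN_CIDR GATEWAY FIRST_RULE DIVERT_RULE PORT...
# DIVERT_RULE is the number of the existing natd divert rule (assumed).
fwd_rules() {
    [ "$#" -ge 5 ] || { echo "usage: fwd_rules LAN GW FIRST DIVERT PORT..." >&2; return 2; }
    lan=$1 gw=$2 num=$3 divert=$4
    shift 4
    is_uint "$num" && is_uint "$divert" || { echo "rule numbers must be integers" >&2; return 1; }

    # Validate everything first so a bad argument never yields a partial ruleset.
    # 'fwd' ends rule processing for a matching packet, so every fwd rule is
    # numbered below the divert rule; the primary link's NAT never sees it.
    last=$((num + 10 * ($# - 1)))
    [ "$last" -lt "$divert" ] || { echo "fwd rules would not precede rule $divert" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done

    for port in "$@"; do
        echo "ipfw add $num fwd $gw tcp from $lan to any dst-port $port"
        num=$((num + 10))
    done
}

# Constructed sample: LAN from the thread, ssh (22), divert rule assumed at 500.
fwd_rules 192.168.10.0/24 203.0.113.1 400 500 22
```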