Date: Tue, 28 Apr 1998 13:50:34 +0300
From: Eugene Vedistchev <scaner@belabm.by>
To: David Muir Sharnoff <muir@idiom.com>
Cc: "freebsd-hackers@FreeBSD.ORG" <freebsd-hackers@FreeBSD.ORG>
Subject: Re: Routing problem that I need solved.
Message-ID: <3545B47A.5AABF3AC@belabm.by>
References: <199804280755.AAA11300@idiom.com>

Hello

Have you seen IP-Filter? Check
http://cheops.anu.edu.au/~avalon/
and
http://cheops.anu.edu.au/~avalon/examples.html#redirection

David Muir Sharnoff wrote:
>
> My fellow FreeBSD addicts, I've got a kernel mod that I need done.
> I could probably do it myself, but I would much prefer not to as
> I've got other fish to fry. I've also got slightly more money than
> time. I can afford to $2,000 as a thank-you if someone does this.
>
> Idiom is now multi-homed. Idiom has three sets of IP addresses:
> 1: addresses that can only be routed through BEST.COM
> 2: addresses that can only be routed through ABOVE.NET
> 3: addresses that can be routed through either BEST.COM or ABOVE.NET
>
> Most addresses are type 3 (routed through both). For reliability,
> it's important to keep a few key services using type 1 and type 2
> addresses. For example, the two primary nameservers: ns.idiom.com
> uses a type 1 address and ns2.idiom.com uses a type 2 address.
>
> That provides some reliability for the incoming traffic. What I
> would like is to make sure that at least some of the outgoing traffic
> is symmetrical.
>
> If a packet is coming _from_ a type 1 address, then it should be
> routed out through BEST.COM. If it's coming from a type 2 address then it
> should be routed out through ABOVE.NET.
>
> I run OSPF internally, so the routing situation tends to be a bit
> dynamic.
>
> As many utilities as possible should reply using the address they were
> contacted on. DNS, radius, etc. That's a separate problem though.
>
> My solution to this would be to create another ipfw rule: "route through"
>
> Example of usage:
>
> # skip over packets that are inbound.
>
> ipfw add 100 skipto 200 all from any to 140.174.82/24 # type 1
> ipfw add 110 skipto 200 all from any to 209.66.121/24 # type 2
> ipfw add 120 skipto 200 all from any to 209.157.64/19 # type 3
>
> # selectively route type 1 and type 2 outbound
>
> ipfw add 140 pass through 140.174.37.21 all from 140.174.82/24 to any
> ipfw add 150 pass through 209.66.121.1 all from 209.66.121/24 to any
>
> The semantics of "pass through" are that the next hop for the packet
> will be chosen as if it were bound for the address given. The same rule
> can be deployed throughout my network.
>
> There's one other detail that would help things: make the skipto rule fast.
> Right now the skipto rule does a linear search.
>
> I know that $2k is not much money for tricky kernel work, but it's
> what I can afford for this. Cisco routers can do routing based on
> the source address.
>
> I use -STABLE. I need a solution that's fit for production use and
> also fit for inclusion in -STABLE.
>
> Thanks,
>
> -Dave
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
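
The rule set quoted above, modelled in Python to show which uplink each kind of packet would take under the proposed "pass through" semantics. This is an added example, not part of either message and not ipfw or IP-Filter code; the routing table, the action name "through" and the external host 192.0.2.5 are constructed assumptions.

```python
import ipaddress as ip

# Dave's proposed rules, in order: (number, action, argument, field, prefix).
# "through" stands for his proposed "pass through <addr>" action.
RULES = [
    (100, "skipto", 200, "dst", "140.174.82.0/24"),   # type 1, inbound
    (110, "skipto", 200, "dst", "209.66.121.0/24"),   # type 2, inbound
    (120, "skipto", 200, "dst", "209.157.64.0/19"),   # type 3, inbound
    (140, "through", "140.174.37.21", "src", "140.174.82.0/24"),
    (150, "through", "209.66.121.1", "src", "209.66.121.0/24"),
]

# Constructed routing table (an assumption, not from the post).
ROUTES = [
    ("0.0.0.0/0", "default"),
    ("140.174.82.0/24", "internal"),
    ("209.66.121.0/24", "internal"),
    ("209.157.64.0/19", "internal"),
    ("140.174.37.21/32", "BEST.COM"),
    ("209.66.121.1/32", "ABOVE.NET"),
]

def lookup(dst):
    """Ordinary destination routing: longest matching prefix wins."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(p), via) for p, via in ROUTES if addr in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def next_hop(src, dst):
    """Walk the rules in order and return where the packet leaves."""
    resume_at = 0
    for num, action, arg, field, prefix in RULES:
        if num < resume_at:
            continue  # jumped over by an earlier skipto
        addr = ip.ip_address(src if field == "src" else dst)
        if addr not in ip.ip_network(prefix):
            continue
        if action == "skipto":
            resume_at = arg
        else:
            return lookup(arg)  # route as if bound for the given address
    return lookup(dst)  # no policy rule fired: normal routing
```

The skipto rules matter for traffic between Idiom's own blocks: a type 1 host talking to a type 2 host matches rule 110 first, so it stays internal and is not pushed out through an uplink.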