Message-ID: <46B38E16.3030001@elischer.org>
Date: Fri, 03 Aug 2007 13:20:38 -0700
From: Julian Elischer
To: Rudy Setiawan
Cc: freebsd-ipfw@freebsd.org
Subject: Re: redirect traffic based on destination port to another interface
In-Reply-To: <8b24e4de0708031120n210f97ebj3f992ad7a757075e@mail.gmail.com>

Rudy Setiawan wrote:
> On 8/2/07, Julian Elischer wrote:
>> Rudy Setiawan wrote:
>>> Hi,
>>>
>>> I am trying to do a traffic redirection based on destination port to
>>> another interface/gateway.
>>> Currently, I have a freebsd box that does simple NAT and an Internet connection.
>>> I am planning to install another internet connection and use the same
>>> box to do some traffic redirection.
>>>
>>>
>>> INTERNET1 -------- freebsd box ------- INTERNET2
>>>                         |
>>>                         |
>>>                Local Area Network
>>>
>>> LAN = 192.168.10.0/24 with interface em0
>>> INTERNET1-GW = x.x.x.1 with em1
>>> INTERNET2-GW = y.y.y.1 with rl0
>>>
>>> My goal is to redirect any ssh traffic to INTERNET2-GW and I assume
>>> that if it can be redirected through INTERNET2-GW then the packets
>>> return will go through INTERNET2-GW also.
>>>
>> no, unless you first NAT the packets with the address of that interface.
>> (otherwise the packets will come back through your primary network).
>> if you have cheap dlink or linksys or whatever DSL routers or whatever with NAT
>> on them then you can use that successfully and just use ipfw 'fwd' rules to select the interface to use.
>
> I see, hmm are you suggesting that the linksys should be placed
> between the freebsd firewall and the internet? Then do a ipfw fwd
> rules to in freebsd to select which interface to go and linksys will
> do all the NAT-ing for those packets respectively right?

exactly

>
> Thank you.
>
> Regards,
> Rudy
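
The 'fwd' approach agreed on above, sketched as an added example that is not part of the original thread. The function name `policy_route`, the rule number 1000, the `fwcmd` dry-run variable and the gateway 192.0.2.1 (a constructed stand-in for the thread's y.y.y.1) are assumptions. NAT for the second link is assumed to be done by the router at that gateway, as suggested in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: it prints the
# ipfw commands. Run as root with fwcmd=/sbin/ipfw to load them.
# On FreeBSD releases of this thread's era, 'fwd' also needs a kernel
# built with "options IPFIREWALL_FORWARD".
fwcmd="${fwcmd:-echo ipfw}"

LAN_NET="192.168.10.0/24"          # LAN from the thread
LAN_IF="em0"                       # LAN interface from the thread
INET2_GW="${INET2_GW:-192.0.2.1}"  # constructed placeholder for y.y.y.1 (reached via rl0)

# policy_route RULENUM PROTO PORT  (hypothetical helper)
# Emits one rule that hands LAN traffic for PORT to the second gateway
# instead of following the default route out em1.
policy_route() {
    rulenum="$1"; proto="$2"; port="$3"
    # Reject anything that is not a plain port number before it reaches ipfw.
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    # "in recv em0": match once, as the packet arrives from the LAN.
    # "to not me":   sessions to the firewall's own addresses stay local.
    # Replies return on this link only because the router at INET2_GW
    # NATs the flow to its own address; without NAT they come back via
    # the primary connection, as the thread points out.
    $fwcmd add "$rulenum" fwd "$INET2_GW" "$proto" \
        from "$LAN_NET" to not me dst-port "$port" in recv "$LAN_IF"
}

# ssh (tcp/22) from the LAN leaves through the second connection.
policy_route 1000 tcp 22
```

The rule has to be numbered below any rule that would otherwise accept the same packets on the inbound pass, since ipfw stops at the first matching terminal action.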