From: "Atom Powers"
To: "PFS IT"
Cc: freebsd-ipfw@freebsd.org, freebsd-questions@freebsd.org
Date: Tue, 16 May 2006 16:24:35 -0700
Subject: Re: IPFW - Two External Interfaces

On 5/16/06, PFS IT wrote:
> I am attempting to use IPFW (and either IPNAT or natd) to do the following:
>
> I have two connections to the outside world coming in to my firewall.
> em0 has a static ip and is going to a bridged DSL connection, then
> bge1 has a static ip and is going to a few bonded DS1s. bge0 goes to
> my internal network. I am attempting to have NAT on both external
> interfaces, and have most outbound traffic move across bge1, while
> traffic from/to a particular internal system (We'll call it
> internal_system for purposes of this message) to/from a particular
> remote system (This we'll call remote_system) port 80 moves across
> the DSL line on em0.
>

It was a situation similar to this that made me switch to pf. The NAT
features available to IPFW (at least in the past) are/were pretty
limited. If you are not committed to IPFW I would strongly recommend
pf.

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--