Date: Mon, 26 Aug 2002 14:59:59 -0600 (MDT)
From: Nick Rogness
To: John Resnier
Cc: "Crist J. Clark"
Subject: Re: Policy routing using IPFW for multiple ISP's
Sender: owner-freebsd-ipfw@FreeBSD.ORG

On Mon, 26 Aug 2002, John Resnier wrote:

> Hey Crist
>
> Thanks for your help. Only reason why I didn't do it with a route is
> that I wanted ipfw to forward on the app layer. Ideally, I would like
> to have all web traffic destined for the 66.25.xx.0/24 range to go out
> the DSL Gateway but the rest of the web traffic go out the Cable
> connection. The example I provided did not show all that information
> because I wanted to get this problem solved first. Any examples you
> would have on how to accomplish this would be awesome!!

    # set next-hop address for packets leaving the ed0 interface
    # to the DSL gateway address
    fwd 199.185.xx.xx tcp from any to 66.25.xx.0/24 80 out via ed0

Also, make sure nat is working properly on rl0 interface and turn
on logging to help you debug (both in natd and ipfw).

What you have below looks as if it should work ok. What does:

    # sysctl net.inet.ip.forwarding

show?

>
> > On Wed, Aug 21, 2002 at 12:32:13AM -0700, a a wrote:
> > >
> > > Here's my setup
> > >
> > > FreeBSD 4.6.2 box with 3 NICS
> > >
> > > Compiled with the following options
> > > options IPSTEALTH
> > > options IPFIREWALL
> > > options IPFIREWALL_VERBOSE
> > > options IPFIREWALL_VERBOSE_LIMIT=100
> > > options IPDIVERT
> > > options IPFIREWALL_FORWARD
> > >
> > > NIC1 - ed0 connected to my cable modem 24.86.xx.xx Default Gateway
> > > NIC2 - rl0 connected to my DSL Modem 199.185.xx.xx
> > > NIC3 - fxp0 connected to my LAN 192.168.1.1
> > >
> > >
> > > Here's the current IPFW rules
> > >
> > > 00100 fwd DSL-Gateway ip from any to 66.25.xx.0/24 out xmit ed0
> > > 00200 divert 8668 ip from any to any via ed0
> > > 00200 divert 8669 ip from any to any via rl0
> > > 65000 allow ip from any to any
> > >
> > > What I'm trying to do is have all traffic go thru
> > > the cable connection except for traffic destined for
> > > the 66.25.xx.0/24 range. I would like that range to
> > > go thru the DSL connection. Currently it's not
> > > working. Has anyone tried this before? Is this
> > > even possible?
>

Nick Rogness
- WARNING TO ALL PERSONNEL: Firings will continue until morale improves.
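
Added example, not part of the original thread: a simplified first-match model of the ruleset with the port-80 fwd rule from the reply, showing which outbound packets take the fwd rule and which fall through to the cable-side divert. The addresses are constructed stand-ins (198.51.100.0/24 for 66.25.xx.0/24, 203.0.113.1 for the DSL gateway). The model reports only the first matching rule and does not model natd re-injection.

```python
"""Simplified first-match model of an ipfw ruleset (added example, not from the thread)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-ins: the thread elides the real addresses.
POLICY_NET = ip_network("198.51.100.0/24")   # stands in for 66.25.xx.0/24
DSL_GW = "203.0.113.1"                        # stands in for the DSL gateway

@dataclass
class Rule:
    num: int
    action: str                     # e.g. "fwd 203.0.113.1", "divert 8668", "allow"
    proto: str = "ip"               # "ip" matches any protocol
    dst: Optional[object] = None    # destination network, None = any
    dport: Optional[int] = None     # destination port, None = any
    out_if: Optional[str] = None    # outbound interface, None = any

@dataclass
class Packet:
    proto: str
    dst: str
    dport: int
    out_if: str                     # interface chosen by the routing table

def matches(r, p):
    return ((r.proto in ("ip", p.proto))
            and (r.dst is None or ip_address(p.dst) in r.dst)
            and (r.dport is None or r.dport == p.dport)
            and (r.out_if is None or r.out_if == p.out_if))

def first_match(rules, p):
    """Return (rule number, action) of the first matching rule, lowest number first."""
    for r in sorted(rules, key=lambda r: r.num):
        if matches(r, p):
            return r.num, r.action
    return 65535, "deny"            # ipfw default rule unless the kernel defaults to accept

RULES = [
    Rule(100, f"fwd {DSL_GW}", "tcp", POLICY_NET, 80, "ed0"),   # rule from the reply
    Rule(200, "divert 8668", out_if="ed0"),                     # natd on the cable side
    Rule(65000, "allow"),
]

def demo():
    web_policy = Packet("tcp", "198.51.100.20", 80, "ed0")   # web to the policy range
    web_other = Packet("tcp", "192.0.2.80", 80, "ed0")       # web to anywhere else
    ssh_policy = Packet("tcp", "198.51.100.20", 22, "ed0")   # non-web to the policy range
    return [first_match(RULES, p) for p in (web_policy, web_other, ssh_policy)]
```

Only the first packet matches rule 100; because the match ends the search there, it never reaches the divert at rule 200.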