Date: Fri, 03 Aug 2007 16:49:07 -0700
From: Julian Elischer <julian@elischer.org>
To: Rudy Setiawan <rudal999@gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: redirect traffic based on destination port to another interface
Message-ID: <46B3BEF3.3030606@elischer.org>
In-Reply-To: <8b24e4de0708031507y69944e53raefe86e6cba63345@mail.gmail.com>
References: <8b24e4de0708021606h5bbee266xb3a4814962d26643@mail.gmail.com> <46B2817C.6010609@elischer.org> <8b24e4de0708031120n210f97ebj3f992ad7a757075e@mail.gmail.com> <46B38E16.3030001@elischer.org> <8b24e4de0708031507y69944e53raefe86e6cba63345@mail.gmail.com>

Rudy Setiawan wrote:
> can you run two instances of natd?

yes. you can even get natd to run two separate translation sets
but I have never done it. (phk added code to allow that some time ago I believe)

of course you don't need that if you have NAT devices on each link anyway.
($40 each..)

>
> Thank you.
>
> Regards,
> Rudy
>
>
> On 8/3/07, Julian Elischer <julian@elischer.org> wrote:
>> Rudy Setiawan wrote:
>>> On 8/2/07, Julian Elischer <julian@elischer.org> wrote:
>>>> Rudy Setiawan wrote:
>>>>> Hi,
>>>>>
>>>>> I am trying to do a traffic redirection based on destination port to
>>>>> another interface/gateway.
>>>>> Currently, I have a freebsd box that does simple NAT and an Internet connection.
>>>>> I am planning to install another internet connection and use the same
>>>>> box to do some traffic redirection.
>>>>>
>>>>>
>>>>> INTERNET1 -------- freebsd box ------- INTERNET2
>>>>>                         |
>>>>>                         |
>>>>>                 Local Area Network
>>>>>
>>>>> LAN = 192.168.10.0/24 with interface em0
>>>>> INTERNET1-GW = x.x.x.1 with em1
>>>>> INTERNET2-GW = y.y.y.1 with rl0
>>>>>
>>>>> My goal is to redirect any ssh traffic to INTERNET2-GW and I assume
>>>>> that if it can be redirected through INTERNET2-GW then the packets
>>>>> return will go through INTERNET2-GW also.
>>>>>
>>>> no, unless you first NAT the packets with the address of that interface.
>>>> (otherwise the packets will come back through your primary network).
>>>> if you have cheap dlink or linksys or whatever DSL routers or whatever with NAT
>>>> on them then you can use that successfully and just use ipfw 'fwd' rules to select the interface to use.
>>> I see, hmm are you suggesting that the linksys should be placed
>>> between the freebsd firewall and the internet? Then do ipfw fwd
>>> rules in freebsd to select which interface to go and linksys will
>>> do all the NAT-ing for those packets respectively right?
>> exactly
>>
>>> Thank you.
>>>
>>> Regards,
>>> Rudy
>>
>
>
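
Added example, not part of the original e-mail: a dry-run generator for the ipfw 'fwd' rules discussed above, sending LAN ssh traffic to the NAT router on the second link. The next-hop 10.0.2.1 (a constructed inside address for that router), the rule numbers and the function names are assumptions; the LAN network and interface are the ones given in the thread.

```shell
#!/bin/sh
# Policy routing by destination port with ipfw 'fwd' (added example).
# 'fwd' needs a kernel built with 'options IPFIREWALL_FORWARD' on
# FreeBSD releases of this thread's era.

LAN_NET="192.168.10.0/24"   # from the thread
LAN_IF="em0"                # from the thread

# valid_port PORT -> status 0 only if PORT is an integer in 1..65535.
# Rejecting anything else keeps stray shell text out of the generated rules.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# fwd_rule NUM NEXTHOP PORT -> prints one ipfw command; nothing is executed.
# 'in recv' limits the match to packets arriving from the LAN, so traffic
# originated by the firewall itself keeps using the default route.
fwd_rule() {
    valid_port "$3" || { echo "bad port: $3" >&2; return 1; }
    echo "ipfw add $1 fwd $2 tcp from $LAN_NET to any dst-port $3 in recv $LAN_IF"
}

# build_rules NEXTHOP PORT... -> one fwd rule per port, numbered from 1000.
build_rules() {
    nexthop=$1; shift
    num=1000
    for port in "$@"; do
        fwd_rule "$num" "$nexthop" "$port" || return 1
        num=$((num + 10))
    done
}

# Print the ruleset for review; 10.0.2.1 is an assumed next-hop address.
build_rules 10.0.2.1 22
```

The NAT router on that link needs a route back to 192.168.10.0/24 via the FreeBSD box, since the forwarded packets reach it with their LAN source addresses.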