From: Sébastien AVELINE
To: freebsd-pf@freebsd.org
Date: Thu, 22 Jun 2006 17:53:47 +0200
Message-ID: <449ABD0B.2040706@alinto.net>
Subject: pf and policy routing

Hi,

I would like to have some advice on pf. I'd like to use pf for clustering a firewall and using pfsync. Actually I use a Linux box to do this. The problem is that I have specific rules for routing with iproute2 because I got a lot of different subnets with multi-homing.

It seems that FreeBSD supports policy routing only with ipfw. My question is: is it possible to use ipfw just for policy routing and pf just for packet filtering?

For example, I want to do something like this. I had a default gateway (a), but:

  if I received a packet from subnet(c) to subnet(d) --> use another default gateway(y)
  a packet from subnet(a) to subnet(x) --> use another default gateway(y)

I wonder if route-to of pf is good for my example or if I should try something else, like ipfw for routing and pf for firewalling, as I said above.

Actually I'm using FreeBSD 6.1 for some tests.

Thanks for your answers.

Sebastien AVELINE