Date: Tue, 18 Jul 2017 00:33:47 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Kurt Jaeger <lists@opsec.eu>, Grzegorz Junka <list1@gjunka.com>
Cc: freebsd-net@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: A web server behind two gateways?
Message-ID: <596CF4FB.9070306@grosbein.net>
In-Reply-To: <20170717172642.GF39925@home.opsec.eu>
References: <a35370da-531d-6678-4a60-95304bdd919b@gjunka.com> <20170717172642.GF39925@home.opsec.eu>

18.07.2017 0:26, Kurt Jaeger wrote:

> I have a vague idea:
>
> If you set a tag (or a keep-state :flowname) using an ipfw rule that matches
> the incoming gateway MAC and match that tag/check-state flowname and
> the connection (keep-state) to fwd the answer packet back to that gateway ?

In fact, the NAT engine already keeps state track of packet flows and uses that
to correctly translate answers back to the public IP address.

All you need is to forward translated outgoing answers to the correct channel
based on the translated external source IP address (read: do policy-based forwarding).
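
An added illustration of the policy-based forwarding described in the reply above (not part of the original message or of anyone's actual ruleset): a small generator that prints one ipfw `fwd` rule per translated source address. The function names, rule numbers and the documentation-range addresses are hypothetical; it assumes the NAT rule is numbered below the generated rules and that `net.inet.ip.fw.one_pass=0`, so packets continue through the ruleset after translation.

```shell
#!/bin/sh
# Added example, not from the original message. Prints ipfw commands for
# review; nothing is applied to the running firewall.
# Assumptions: the NAT rule sits at a lower rule number than FIRST_RULE, and
# net.inet.ip.fw.one_pass=0 so translated packets keep traversing the ruleset.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pbr_rules FIRST_RULE EXTERNAL_IP=GATEWAY...
# For each pair, emit a rule that sends outgoing packets whose (already
# translated) source is EXTERNAL_IP to the matching upstream GATEWAY.
pbr_rules() {
    rule=$1; shift
    for pair in "$@"; do
        case "$pair" in
            *=*) ext=${pair%%=*}; gw=${pair#*=} ;;
            *)   ext=""; gw="" ;;
        esac
        if ! is_ipv4 "$ext" || ! is_ipv4 "$gw"; then
            echo "pbr_rules: expected EXTERNAL_IP=GATEWAY, got '$pair'" >&2
            return 1
        fi
        echo "ipfw -q add $rule fwd $gw ip from $ext to any out"
        rule=$((rule + 10))
    done
}

# Constructed sample: two uplinks, each with its own public address and gateway.
pbr_rules 2000 198.51.100.10=198.51.100.1 203.0.113.10=203.0.113.1
```

Review the printed rules against the existing ruleset before applying them, since a `fwd` rule placed before the NAT rule would match on the untranslated internal source address and never fire.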