Site Navigation

Date:      Thu, 22 Jun 2006 18:31:52 +0200
From:      =?ISO-8859-1?Q?S=E9bastien_AVELINE?= <saveline@alinto.net>
To:        freebsd-pf@freebsd.org
Subject:   Re: pf and policy routing
Message-ID:  <449AC5F8.9000905@alinto.net>
In-Reply-To: <ffa9ac690606220900o3165855cu169e2304ee7993e4@mail.gmail.com>
References:  <449ABD0B.2040706@alinto.net> <ffa9ac690606220900o3165855cu169e2304ee7993e4@mail.gmail.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

   Thanks for your answer but what do you think of using ipfw for routing
   policy and pf for firewalling, is it possible ?
   Huzeyfe Onal a écrit :

     Hi,
     you can use PF's route-to options  for Policy routing..
     On 6/22/06, Sébastien AVELINE [1]<saveline@alinto.net> wrote:

     Hi,
     I would like to have some advises on pf. I'd like to use pf for
     clustering a firewall and using pfsync.
     Actually I use a Linux Box to do this. The problem is that I have
     specific rules for routing with iproute2 because I got a lot of
     different subnets with multi-homing. It seems that freebsd support
     policy routing only with ipfw.
     My question is : is it possible to use ipfw just for policy routing
     and
     pf just for packet filtering ?
     For example I want to to do something like that :
     I had a default gateway (a) but if I received a packet from
     subnet(c) to
     subnet(d) --> use an another default gateway(y)
                                                                       a
     packet from subnet(a) to subnet(x) -->  use an another default
     gateway(y)
     I wonder if route-to of pf is good for my exemple or if I should
     try
     something else like ipfw for routing and pf for firewalling as I
     said
     above. Actually I'm using freebsd 6.1 for some tests.
     Thanx for your answers.
     Sebastien AVELINE
     _______________________________________________
     [2]freebsd-pf@freebsd.org mailing list
     [3]http://lists.freebsd.org/mailman/listinfo/freebsd-pf
     To unsubscribe, send any mail to
     [4]"freebsd-pf-unsubscribe@freebsd.org"

   --
   Sébastien AVELINE [5]saveline@alinto.net
   Adjoint d'Exploitation
   15 quai Tilsitt - 69002 LYON
   ......................................................................
   .........
   >>> [6]www.alinto.net - The messaging reflex <<<

References

   1. mailto:saveline@alinto.net
   2. mailto:freebsd-pf@freebsd.org
   3. http://lists.freebsd.org/mailman/listinfo/freebsd-pf
   4. mailto:freebsd-pf-unsubscribe@freebsd.org
   5. mailto:saveline@alinto.net
   6. http://www.alinto.net/

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?449AC5F8.9000905>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact