Date: Thu, 15 Apr 2004 13:31:57 -0700 (PDT)
From: Stephen Gill
To: freebsd-security@freebsd.org
Subject: Policy routing with IPFW

Hi There,

I've been having an issue trying to figure out a way to policy route outbound packets from a multihomed machine through the proper interface using IPFW to no avail. I've tried several different incantations of IPFW fwd/forward statements, and none of them seem to do the trick.

Basically, I have a host that has multiple Internet connections. This host is running FreeBSD 4.9 with the proper Kernel mods in place. I have a single default route. I would like to add rules to my ipfw firewall policy that would do the following:

- All traffic sourced from Interface 1 (dc0) should go out gateway 1
- All traffic sourced from Interface 2 (dc1) should go out gateway 2
- All traffic destined to Interface 1 (dc0) should return out gateway 1
- All traffic destined to Interface 2 (dc1) should return out gateway 2

Gateway 1 is on dc0 and Gateway 2 is on dc1.

I think you get the picture. Is this type of thing possible with IPFW? If not, is there any other module that would allow me to do this? I don't care how ugly it gets, just so long as it works.

Thanks in advance,
-- steve