From owner-freebsd-isp Fri Jul 6 10:43:43 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from thunderer.cnchost.com (thunderer.concentric.net [207.155.252.72])
    by hub.freebsd.org (Postfix) with ESMTP id AEC6437B405
    for ; Fri, 6 Jul 2001 10:43:40 -0700 (PDT)
    (envelope-from bakul@bitblocks.com)
Received: from bitblocks.com (adsl-209-204-185-216.sonic.net [209.204.185.216])
    by thunderer.cnchost.com id NAA29675; Fri, 6 Jul 2001 13:43:38 -0400 (EDT)
    [ConcentricHost SMTP Relay 1.14]
Message-ID: <200107061743.NAA29675@thunderer.cnchost.com>
To: Greg Skouby
Cc: freebsd-isp@freebsd.org
Subject: Re: source routing (again)
In-reply-to: Your message of "Fri, 06 Jul 2001 12:06:23 EDT." <20010706120623.B75468@sitesnow.com>
Date: Fri, 06 Jul 2001 10:43:38 -0700
From: Bakul Shah
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> 192.168.1.1 is the gateway address. In my network
> I can get to it through fxp0 and fxp1. However,
> out fxp1 is a firewall/bridge that also does content filtering.
> If the user has signed up for that filtered access I need
> to assign him a certain IP (I figured that part out) and
> route his/her traffic out fxp1, through the filtering bridge and
> to 192.168.1.1. If the user doesn't want filtered access I need
> to assign an IP out of a different block and route out of fxp0 to
> 192.168.1.1. That is why I need to be able to specify which interface,
> not just which next hop for the packet.

Standard *BSD stack won't let you choose different interfaces
to the same next hop unless it is directly reachable. But if
the firewall is a router (or you can put a router in front of
the firewall bridge) this is trivial.

    server fxp0 --------------------- gateway
           fxp1                          |
            |                            |
            +---------- firewall---------+

Then for the clients that go through the firewall, you just
add a route that points to the firewall.

For example if such clients are in the block a.b.c/24, and
firewall has the address 10.0.0.1, you can do

    route add a.b.c.0 -netmask 0xffffff00 10.0.0.1

Of course, fxp1 is on the 10. net.