Date:      Fri, 06 Jul 2001 10:43:38 -0700
From:      Bakul Shah <bakul@bitblocks.com>
To:        Greg Skouby <gskouby@sitesnow.com>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: source routing (again) 
Message-ID:  <200107061743.NAA29675@thunderer.cnchost.com>
In-Reply-To: Your message of "Fri, 06 Jul 2001 12:06:23 EDT." <20010706120623.B75468@sitesnow.com> 

> 192.168.1.1 is the gateway address. In my network
> I can get to it through fxp0 and fxp1. However,
> out fxp1 is a firewall/bridge that also does content filtering.
> If the user has signed up for that filtered access I need
> to assign him a certain IP (I figured that part out) and
> route his/her traffic out fxp1, through the filtering bridge and
> to 192.168.1.1. If the user doesn't want filtered access I need 
> to assign an IP out of a different block and route out of fxp0 to
> 192.168.1.1. That is why I need to be able to specify which interface,
> not just which next hop for the packet. 

The standard *BSD stack won't let you choose different interfaces
to the same next hop unless it is directly reachable.  But if
the firewall is a router (or you can put a router in front of
the firewall bridge) this is trivial.


server fxp0 --------------------- gateway
 fxp1                               |
  |                                 |
  +---------- firewall--------------+

Then for the clients that go through the firewall, you
just add a route that points to the firewall.  For example
if such clients are in the block a.b.c/24, and firewall
has the address 10.0.0.1, you can do

    route add a.b.c.0 -netmask 0xffffff00 10.0.0.1

Of course, fxp1 is on the 10. net.
