From: "tonix (Antonio Nati)"
Date: Wed, 24 Oct 2007 12:11:11 +0200
To: Tom Judge
Cc: freebsd-isp@freebsd.org
Subject: Re: Advanced routing option

Tom Judge wrote:
> tonix (Antonio Nati) wrote:
>> I'm using FreeBSD and Monowall on most of my servers.
>>
>> One limit I'm facing on both is the lack of an advanced routing feature.
>>
>> Would it be too complicated to modify the "route" sources (and probably
>> kernel tables) to implement a FROM parameter in the ADD command?
>>
>> route add 0.0.0.0/0 210.10.10.1
>> route add FROM 200.1.1.0/24 0.0.0.0/0 210.10.10.10
>> route add FROM 200.1.2.0/24 0.0.0.0/0 210.10.11.11
>>
>> A FROM option would greatly improve routing capabilities and handling
>> of multiple WAN connections.
>>
>> Any comment?
>>
>> Tonino
>>
>
> If you wish to do this type of policy routing you need to use one of
> the firewalls as it can't be done in the routing table. PF can do
> this easily with its route-to option.
>

I feel it is more a routing feature than a fw feature.
I don't see extending the routing tables (and the related routing checks) as so complicated.

Tonino

> Tom
>

-- 
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it tonix@interazioni.it
------------------------------------------------------------
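
The source-based routing asked for in the thread, expressed with the PF route-to option mentioned in the reply. This is an added example, not part of either message; the interface names and macro names are assumptions, while the prefixes and gateways are the ones from the quoted `route add FROM` lines.

```conf
# pf.conf fragment (FreeBSD pf syntax). Added example, not from the thread.
# Interface names below are assumptions; substitute the real ones.
int_if  = "em0"             # assumed: LAN-facing interface
wan1_if = "em1"             # assumed: interface that reaches 210.10.10.10
wan2_if = "em2"             # assumed: interface that reaches 210.10.11.11
wan1_gw = "210.10.10.10"    # gateway for 200.1.1.0/24 (from the post)
wan2_gw = "210.10.11.11"    # gateway for 200.1.2.0/24 (from the post)

# Drop packets that claim an internal source but arrive on another interface,
# so the per-source rules below cannot be selected by a spoofed address.
antispoof quick for $int_if

# Equivalent of "route add FROM 200.1.1.0/24 0.0.0.0/0 210.10.10.10":
# the source prefix, not the destination, selects the outgoing link.
pass in quick on $int_if route-to ($wan1_if $wan1_gw) \
    from 200.1.1.0/24 to any keep state

# Equivalent of "route add FROM 200.1.2.0/24 0.0.0.0/0 210.10.11.11".
pass in quick on $int_if route-to ($wan2_if $wan2_gw) \
    from 200.1.2.0/24 to any keep state

# Any other source on the LAN follows the kernel routing table, i.e. the
# ordinary default route (route add 0.0.0.0/0 210.10.10.1 in the post).
pass in quick on $int_if from $int_if:network to any keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which is a quick way to check the syntax before applying it.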