Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 31 Dec 2003 14:31:16 +0100
From:      Max Laier <max@love2party.net>
To:        Paul Schenkeveld <fb-net@psconsult.nl>, freebsd-net@freebsd.org
Subject:   Re: Source Routing
Message-ID:  <200312311431.16869.max@love2party.net>
In-Reply-To: <20031231130011.GA91135@psconsult.nl>
References:  <20031231093129.GB47633@FreeBSD.org.ua> <20031231114811.93320.qmail@web21509.mail.yahoo.com> <20031231130011.GA91135@psconsult.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wednesday 31 December 2003 14:00, Paul Schenkeveld wrote:
> On Wed, Dec 31, 2003 at 03:48:11AM -0800, afshin wrote:
> > You know I Use ipf with for example pass xl1:1.2.3.4
> > from 1.2.3.5/24 to any
> > BUT, The Problem is that when I use this, the 1.2.3.5
> > cannot access the local IPs,
> > Without looking at routing tables of the router it
> > QUICKLY passes it to the NEW gateway.
>
> FWIW, I usually do all filtering using ipf but at one site I'm
> administering I had to do source routing so I implemented the routing
> part with ipfw and the (stateful) filtering with ipf.  This works great
> there.  If needed, I can dig up some config next week and post it here.
>
> Regards,
>
> Paul Schenkeveld, Consultant
> PSconsult ICT Services BV

ports/security/pf might (once again) be worth a look. See site in my .sig ;)

It has the filtering capabilities of ipf (superior fitering capabilites by 
now) and very flexible and fast routing options. In combination with ALTQ 
(which is yet to be ported to FreeBSD 5.2) it gives you complete QoS routing. 
And with its superior state tracking code which can be combined with the 
routing rules you can even do round-robin or source-hash load balancing over 
multiple uplinks.

BEWARE: port version < 2.01 has a bug in the route-to code (update is pending) 
Try tarball install of version 2.01 from http://pf4freebsd.love2party.net/

-- 
Best regards,				| max@love2party.net
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier@EFnet #DragonFlyBSD

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312311431.16869.max>