From: Max Laier
To: Paul Schenkeveld, freebsd-net@freebsd.org
Date: Wed, 31 Dec 2003 14:31:16 +0100
Subject: Re: Source Routing

On Wednesday 31 December 2003 14:00, Paul Schenkeveld wrote:
> On Wed, Dec 31, 2003 at 03:48:11AM -0800, afshin wrote:
> > You know I Use ipf with for example pass xl1:1.2.3.4
> > from 1.2.3.5/24 to any
> > BUT, The Problem is that when I use this, the 1.2.3.5
> > cannot access the local IPs,
> > Without looking at routing tables of the router it
> > QUICKLY passes it to the NEW gateway.
>
> FWIW, I usually do all filtering using ipf but at one site I'm
> administering I had to do source routing so I implemented the routing
> part with ipfw and the (stateful) filtering with ipf. This works great
> there. If needed, I can dig up some config next week and post it here.
>
> Regards,
>
> Paul Schenkeveld, Consultant
> PSconsult ICT Services BV

ports/security/pf might (once again) be worth a look. See site in my .sig ;)
It has the filtering capabilities of ipf (superior filtering capabilities by
now) and very flexible and fast routing options. In combination with ALTQ
(which is yet to be ported to FreeBSD 5.2) it gives you complete QoS routing.
And with its superior state tracking code which can be combined with the
routing rules you can even do round-robin or source-hash load balancing over
multiple uplinks.

BEWARE: port version < 2.01 has a bug in the route-to code (update is pending)
Try tarball install of version 2.01 from http://pf4freebsd.love2party.net/

--
Best regards,                          | max@love2party.net
Max Laier                              | ICQ #67774661
http://pf4freebsd.love2party.net/      | mlaier@EFnet #DragonFlyBSD