Date:      Fri, 18 May 2007 13:04:20 +1200
From:      Andrew Thompson <thompsa@freebsd.org>
To:        Kurt Buff <kurt.buff@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pf, bridging, transparent proxy, dual gateways?
Message-ID:  <20070518010420.GD64031@heff.fud.org.nz>
In-Reply-To: <a9f4a3860705171725t57df384bm214c717f9dfb6bb6@mail.gmail.com>
References:  <a9f4a3860705171725t57df384bm214c717f9dfb6bb6@mail.gmail.com>

On Thu, May 17, 2007 at 05:25:35PM -0700, Kurt Buff wrote:
> All,
> 
> Wondering if the following scenario is at all rational/feasible:
> 
> [fw-a]-------
>             |
>             |
>           [switch]---[freebsd]---[router]---[many subnets]
>             |
>             |
> [fw-b]-------
> 
> Fw-a fronts our current T1, and that ties our other two offices
> together with IPSec, and is our main inbound mail feed.
> 
> Fw-b is soon to be installed, and will front a new T1.
> 
> The lines are not bonded - they come from different vendors.
> 
> I'd like to forward all individual user traffic (HTTP/FTP/other) out
> of the second T1, perhaps with the use of Squid/Frox, leaving our
> intra-corporate traffic to go in/out the current T1, and also email.

The easiest way is to use the route-to option in pf. When you pass the
traffic from the internal network you mark which link it should go out.

pass in quick on $int_if route-to ($fw_a_if $fw_a_ip) ... (some criteria)
pass in quick on $int_if route-to ($fw_b_if $fw_b_ip) ... (other criteria)

If you are also accepting connections in from the internet then you may
want to look at the reply-to option.


regards,
Andrew
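
The route-to and reply-to approach from the reply above, written out as a pf.conf sketch. This is an added example, not part of the original message. It assumes the FreeBSD box routes (rather than bridges) between the switch segment and the internal router; every interface name, address and network below is a constructed placeholder.

```conf
# Constructed pf.conf sketch (added example, not from the original thread).
# Assumption: both firewalls sit on the same segment, reached via ext_if.

ext_if   = "em0"                  # toward the switch, fw-a and fw-b
int_if   = "em1"                  # toward the internal router
fw_a_ip  = "192.0.2.1"            # fw-a: existing T1, IPsec, inbound mail
fw_b_ip  = "192.0.2.2"            # fw-b: new T1 for user traffic
lan_nets = "{ 10.0.0.0/16 }"      # subnets behind the internal router
offices  = "{ 10.1.0.0/16, 10.2.0.0/16 }"   # remote offices over IPsec
mail_srv = "10.0.0.25"            # internal mail server

# Default deny; the "quick" rules below take effect on first match.
block log all

# Intra-corporate traffic stays on the existing T1 behind fw-a.
pass in quick on $int_if route-to ($ext_if $fw_a_ip) inet \
    from $lan_nets to $offices keep state

# Outbound mail from the mail server also leaves via fw-a.
pass in quick on $int_if route-to ($ext_if $fw_a_ip) inet proto tcp \
    from $mail_srv to any port 25 flags S/SA keep state

# User web and FTP control traffic leaves via fw-b.
# FTP data connections are not matched by port 21 alone; a proxy
# such as the Frox mentioned in the question has to handle them.
pass in quick on $int_if route-to ($ext_if $fw_b_ip) inet proto tcp \
    from $lan_nets to any port { 80, 443, 21 } flags S/SA keep state

# Inbound mail arrives through fw-a; reply-to sends the replies back
# to fw-a regardless of where the routing table would send them.
pass in quick on $ext_if reply-to ($ext_if $fw_a_ip) inet proto tcp \
    from any to $mail_srv port 25 flags S/SA keep state

# Packets steered by route-to still have to pass outbound on ext_if.
pass out quick on $ext_if inet from $lan_nets to any keep state
```

The rule set can be syntax-checked without loading it by running pfctl -nf against the file.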


