Date: Wed, 29 May 2002 13:04:06 -0500 From: Eric_Stanfield@kenokozie.com To: freebsd-isp@freebsd.org Subject: Re: Firewall Setup Message-ID: <OF91800E1C.D2BF2CC6-ON86256BC8.00631F41@kka.com>
next in thread | raw e-mail | index | archive | help
Assuming the router in question is a Cisco, you can accomplish what you want by putting a route-map on the default router which sets the packets next hop to the 'other' router based on the source address of the outbound traffic. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Eric Stanfield, K2Access Keno Kozie Associates 222 N LaSalle #1500 Chicago, IL 60606 (312) 332-3000 "Chris Knipe" <savage@savage.za.o To: "Max" <max@ecotech.com.lr>, rg> <freebsd-isp@freebsd.org> Sent by: cc: owner-freebsd-isp@F Subject: Re: Firewall Setup reeBSD.ORG 05/29/2002 12:25 PM > My network has other routers hardware and software. I want just few machines > to use this new router instead of the whole network so that even if a client > sets this > router has his default gateway, he will not be able to access the Internet! Isn't this more of a static-routing option rather than a firewall? A firewall will block the packets, meaning that the clients which use the "wrong" router, will have *no* internet access, rather than be directed towards the right router. You can most probably redirect the packets from one firewall to another, but that's limited to a per port basis. I think the simplest solution would just be to re-route certain data from the "wrong" router, to the "right" router route add <network> <mask> <gateway> if I'm not mistaken. So, if you have 10.0.0.0/255.0.0.0 and want 10.0.1.0/24 to be assigned to router 1, on your 2, you'll add a static route for that network, routing it back to router 1. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF91800E1C.D2BF2CC6-ON86256BC8.00631F41>