Date:      Wed, 29 May 2002 13:04:06 -0500
From:      Eric_Stanfield@kenokozie.com
To:        freebsd-isp@freebsd.org
Subject:   Re: Firewall Setup
Message-ID:  <OF91800E1C.D2BF2CC6-ON86256BC8.00631F41@kka.com>


Assuming the router in question is a Cisco, you can accomplish what you
want by putting a route-map on the default router which sets the packets'
next hop to the 'other' router based on the source address of the outbound
traffic.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Eric Stanfield, K2Access
Keno Kozie Associates
222 N LaSalle #1500
Chicago, IL 60606
(312) 332-3000


"Chris Knipe" <savage@savage.za.org>
Sent by: owner-freebsd-isp@FreeBSD.ORG
05/29/2002 12:25 PM

To:      "Max" <max@ecotech.com.lr>, <freebsd-isp@freebsd.org>
cc:
Subject: Re: Firewall Setup



> My network has other routers hardware and software. I want just few machines
> to use this new router instead of the whole network so that even if a client
> sets this
> router has his default gateway, he will not be able to access the Internet!

Isn't this more of a static-routing option rather than a firewall?  A
firewall will block the packets, meaning that the clients which use the
"wrong" router, will have *no* internet access, rather than be directed
towards the right router.

You can most probably redirect the packets from one firewall to another, but
that's limited to a per port basis.  I think the simplest solution would
just be to re-route certain data from the "wrong" router, to the "right"
router

route add <network> <mask> <gateway>   if I'm not mistaken.

So, if you have 10.0.0.0/255.0.0.0 and want 10.0.1.0/24 to be assigned to
router 1, on your 2, you'll add a static route for that network, routing it
back to router 1.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
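
An added example, not part of the original messages: a Cisco IOS policy-routing configuration for the route-map approach described in the reply at the top of this message. The source network 10.0.1.0/24 is borrowed from the quoted text; the next-hop address 10.0.0.2, the ACL number, the route-map name and the interface name are assumptions.

```cisco
! Constructed example: addresses, ACL number, route-map name and
! interface name are assumptions, not values from the thread.
!
! Select outbound traffic by source address: the hosts that should
! leave through the 'other' router.
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
!
! For packets matching that ACL, override the routing table and
! forward to the 'other' router.
route-map USE-OTHER-ROUTER permit 10
 match ip address 101
 set ip next-hop 10.0.0.2
!
! Policy routing acts on packets arriving on an interface, so it is
! applied to the LAN-facing interface of the default router. Packets
! that do not match the route-map follow the normal routing table.
interface FastEthernet0/0
 ip policy route-map USE-OTHER-ROUTER
```

`show route-map USE-OTHER-ROUTER` displays the policy-routing match counters, which confirms whether traffic from the selected sources is actually hitting the entry.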








