From: "Crist J. Clark"
To: Nick Rogness
Cc: John Resnier, freebsd-ipfw@FreeBSD.ORG
Date: Mon, 26 Aug 2002 22:36:08 -0700
Subject: Re: Policy routing using IPFW for multiple ISP's

On Mon, Aug 26, 2002 at 02:59:59PM -0600, Nick Rogness wrote:
> On Mon, 26 Aug 2002, John Resnier wrote:
>
> > Hey Crist
> >
> > Thanks for your help. Only reason why I didn't do it with a route is
> > that I wanted ipfw to forward on the app layer. Ideally, I would like
> > to have all web traffic destined for the 66.25.xx.0/24 range to go out
> > the DSL Gateway but the rest of the web traffic go out the Cable
> > connection.

You mean forward at the transport layer.

> > The example I provided did not show all that information
> > because I wanted to get this problem solved first. Any examples you
> > would have on how to accomplish this would be awesome!!
> >
>
> # set next-hop address for packets leaving the ed0 interface
> # to the DSL gateway address
> fwd 199.185.xx.xx tcp from any to 66.25.xx.0/24 80 out via ed0
>
> Also, make sure nat is working properly on rl0 interface and turn
> on logging to help you debug (both in natd and ipfw). What you
> have below looks as if it should work ok.

I don't think that will do what he wants. You'll get asymmetric routing
in this case. The packet will go to the 199.185.xx.xx gateway and out
that way, but it will come back the other way since it will have a
source address on 24.86.xx.xx. In fact, it's quite possible that the
DSL ISP will drop packets with a source address that doesn't belong to
them.

--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
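
The following is an added example, not part of the original message or of ipfw itself: a small Python model of the two outcomes the reply above describes for a fwd-only rule (a reply returning through the other ISP, or a drop by source-address filtering at the egress ISP). The prefixes, flow names and the helpers owner_of, trace and audit are constructed for illustration; the thread's real addresses are elided and are not used.

```python
import ipaddress

# Constructed uplinks on documentation prefixes (assumption); the thread's
# real addresses are elided ("xx") and are not reproduced here.
UPLINKS = {
    "cable": ipaddress.ip_network("198.51.100.0/24"),
    "dsl": ipaddress.ip_network("203.0.113.0/24"),
}

def owner_of(addr):
    """Name of the uplink whose prefix contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in UPLINKS.items() if ip in net), None)

def trace(src, egress, egress_filters_source):
    """Follow one outbound packet and its reply.

    src    -- source address on the wire after NAT
    egress -- uplink chosen by the fwd rule (fwd sets the next hop only,
              it does not rewrite the source address)
    egress_filters_source -- True if that ISP drops foreign sources
    """
    src_owner = owner_of(src)
    if egress_filters_source and src_owner != egress:
        return "dropped by egress ISP (source not in its prefix)"
    # The reply is addressed to src, so it comes back through whichever
    # ISP routes that prefix, regardless of how the request left.
    if src_owner != egress:
        return f"asymmetric: out via {egress}, reply via {src_owner}"
    return "symmetric"

def audit(flows, egress_filters_source):
    """Return {flow name: verdict} for (name, src, egress) tuples."""
    return {name: trace(src, egress, egress_filters_source)
            for name, src, egress in flows}

# Constructed flows: the same web request before and after the source is
# translated to an address on the DSL side.
FLOWS = [
    ("fwd only, cable source", "198.51.100.10", "dsl"),
    ("fwd plus DSL-side source", "203.0.113.10", "dsl"),
    ("default route", "198.51.100.10", "cable"),
]

if __name__ == "__main__":
    for strict in (False, True):
        print("egress filtering:", strict)
        for name, verdict in audit(FLOWS, strict).items():
            print(f"  {name}: {verdict}")
```

In this model the path is symmetric only when the source address on the wire belongs to the uplink the packet leaves through, which is the check to make when reviewing a fwd rule together with the NAT configuration.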