Message-ID: <471F30CA.7060504@tomjudge.com>
Date: Wed, 24 Oct 2007 12:47:22 +0100
From: Tom Judge
To: "tonix (Antonio Nati)"
Cc: freebsd-isp@freebsd.org
In-Reply-To: <471F2F86.7070805@interazioni.it>
Subject: Re: Advanced routing option

tonix (Antonio Nati) wrote:
> Tom Judge wrote:
>> tonix (Antonio Nati) wrote:
>>> Tom Judge wrote:
>>>> tonix (Antonio Nati) wrote:
>>>>> I'm using FreeBSD and Monowall in the most of my servers.
>>>>>
>>>>> One limit I'm facing on both is the lack of an advanced routing
>>>>> feature.
>>>>>
>>>>> Would be too complicated to modify "route" sources (and probably
>>>>> kernel tables) implementing a FROM parameter in ADD command?
>>>>>
>>>>> route add 0.0.0.0/0 210.10.10.1
>>>>> route add FROM 200.1.1.0/24 0.0.0.0/0 210.10.10.10
>>>>> route add FROM 200.1.2.0/24 0.0.0.0/0 210.10.11.11
>>>>>
>>>>> A FROM option would improve a lot routing capabilities and handling
>>>>> of multiple WAN connections.
>>>>>
>>>>> Any comment?
>>>>>
>>>>> Tonino
>>>>>
>>>>
>>>> If you wish to do this type of policy routing you need to use one of
>>>> the firewalls as it can't be done in the routing table. PF can do
>>>> this easily with its route-to option.
>>>>
>>> I feel it is more a routing feature than a fw feature. I don't see
>>> extending routing tables (and relative routing checking) so complicated.
>>>
>>> Tonino
>>
>> It is not that it is not complicated. It is that it is _NOT_
>> _POSSIBLE_ to do this with the FreeBSD routing sub system. You _MUST_
>> do this with a firewall on FreeBSD.
> Not possible with the ACTUAL routing subsystem, or not possible to
> change the code to enhance the subsystem? I'm speaking about modifying
> the code, if necessary.
>
> Tonino
>

Not possible with the current implementation, I don't know about how
feasible it is to add the support you want either. You may want to ask
on net@ to see if anyone there is actively working on this.

However if you are looking for a quick solution you should go the
firewall route.

Tom
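
Added example, not part of the original message: a pf.conf sketch of the PF route-to approach mentioned in the thread, applied to the three routes from the original question. The interface names (em0, em1, em2) and the macro names are assumptions, and the ruleset assumes no other filtering policy is in place.

```conf
# /etc/pf.conf fragment (added example; FreeBSD pf syntax).
# Assumed, hypothetical interface layout:
#   em0 = interface facing 200.1.1.0/24 and 200.1.2.0/24
#   em1 = interface on which gateway 210.10.10.10 is reachable
#   em2 = interface on which gateway 210.10.11.11 is reachable
lan_if  = "em0"
wan1_if = "em1"
wan2_if = "em2"

# Addresses taken from the question in the thread.
net1 = "200.1.1.0/24"
net2 = "200.1.2.0/24"
gw1  = "210.10.10.10"
gw2  = "210.10.11.11"

# The kernel routing table keeps only the destination-based default route
# (the first "route add" line in the question, via 210.10.10.1).

# Traffic between the two local networks must not be pushed out a WAN
# link, so match it first and let the normal routing table handle it.
pass in quick on $lan_if from { $net1, $net2 } to { $net1, $net2 } keep state

# Source-based next hop: the equivalent of the proposed
# "route add FROM <net> 0.0.0.0/0 <gateway>" lines.
pass in quick on $lan_if route-to ($wan1_if $gw1) from $net1 to any keep state
pass in quick on $lan_if route-to ($wan2_if $gw2) from $net2 to any keep state

# Any other source falls through to the kernel default route.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.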