From: Antoine Jacoutot
To: freebsd-ipfw@freebsd.org
Date: Sat, 10 Jan 2004 13:18:02 +0100
Message-Id: <200401101318.02073.ajacoutot@lphp.org>
Subject: routing and fwd

Hi :)

I have a simple problem and I was told it was possible to use ipfw to resolve this.

I have a FreeBSD gateway which has 2 Internet connections:
- con1 with a fixed public IP address range
- con2 with a dynamic IP address connection with a DSL modem

I would like to route all packets coming from the DMZ (fixed public IP address range) and going to the Internet using con1, and route all packets coming from the LAN and going to the Internet using con2+NAT.
I would also like to route packets normally between LAN and DMZ.
The default route on the gateway would be con2 (the dynamic IP address DSL connection).

Is it possible to build such a setup with ipfw?

I was thinking about something like:

add divert 8668 ip from $LAN to !$DMZ via $con2
add fwd ip from $DMZ to !$LAN via $con1

But I was concerned about the fact that since my default route (on the gateway) would be con2, how would the packets coming from the DMZ be routed using con1?

I hope this is understandable...

 ----------------
     INTERNET
 ----------------
   |          |
   |          |
 ----------------
 con1        con2
 FREEBSD_GATEWAY
 em1          em0
 ----------------
   |          |
   |          |
  DMZ        LAN

Thanks for any input....
Note that I do not need failover, load balancing, bonding... I just want to convert 2 gateways (one for each NET connection) into 1.

Regards,

Antoine