From owner-freebsd-security Tue Apr 3 13:20: 5 2001
Message-ID: <3ACA3077.BA9CFFCE@vpop.net>
Date: Tue, 03 Apr 2001 13:20:07 -0700
From: Matthew Reimer
Organization: VPOP Technologies, Inc.
To: owensmk@earthlink.net, security@freebsd.org
Subject: Re: Multiple Default Gateways using DIVERT

Michael Owens wrote:
>
> My company has a single DSL line through which I have set up internet access
> via NAT using IPF.
>
> We are getting a second DSL line, and I was wondering what the best way, if
> any, would be to use NAT and different default gateways so as to divide up
> the groups by source address across them. I would like 10.10.10.1-128 to go
> through gateway 1 (say 2.2.2.1) and 10.10.10.129-254 through gateway 2 (say
> 2.2.2.2). I have searched the mail archives and seen various suggestions, but
> none seemed to address this specifically.
>
> I know this can't be done with IPF, so I am asking if this is something that
> could be done with IPFW. From what I can tell, it might, using divert, but I
> am not all that clear on divert's use in varying gateways.

This might be a start, though I'm not sure how NAT should fit in. You'll
need the IPFIREWALL and IPFIREWALL_FORWARD kernel options.

    ipfw add 1000 fwd 2.2.2.1 ip from 10.10.10.0/25 to any
    ipfw add 2000 fwd 2.2.2.2 ip from 10.10.10.128/25 to any

Matt
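Added example, not part of the original message: a Python check of how the two /25 rules posted above map onto the host ranges asked for in the question. It models rule evaluation as first match in rule-number order, reports any host that lands on a different gateway than requested, and generates `ipfw add ... fwd` lines (same syntax as above, with constructed rule numbers) that cover the requested ranges exactly.

```python
import ipaddress

# Gateways and host ranges as stated in the question.
REQUESTED = {
    "2.2.2.1": ("10.10.10.1", "10.10.10.128"),
    "2.2.2.2": ("10.10.10.129", "10.10.10.254"),
}
# Rules as posted in the reply: (rule number, gateway, source prefix).
POSTED_RULES = [
    (1000, "2.2.2.1", ipaddress.ip_network("10.10.10.0/25")),
    (2000, "2.2.2.2", ipaddress.ip_network("10.10.10.128/25")),
]

def gateway_for(addr, rules=POSTED_RULES):
    """Return the gateway of the first rule whose source prefix matches."""
    ip = ipaddress.ip_address(addr)
    for _num, gw, net in sorted(rules, key=lambda r: r[0]):
        if ip in net:
            return gw
    return None  # no fwd rule matched: the normal default route applies

def mismatches():
    """Hosts whose gateway under the posted rules differs from the request."""
    out = []
    for want, (first, last) in REQUESTED.items():
        lo = int(ipaddress.ip_address(first))
        hi = int(ipaddress.ip_address(last))
        for n in range(lo, hi + 1):
            ip = str(ipaddress.ip_address(n))
            got = gateway_for(ip)
            if got != want:
                out.append((ip, want, got))
    return out

def exact_rules(start=1000, step=10):
    """Build ipfw fwd lines whose prefixes cover exactly the requested ranges.
    Rule numbers (start, step) are constructed for this example."""
    lines, num = [], start
    for gw, (first, last) in REQUESTED.items():
        nets = ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last))
        for net in nets:
            lines.append(f"ipfw add {num} fwd {gw} ip from {net} to any")
            num += step
    return lines

if __name__ == "__main__":
    print("differs from request:", mismatches())
    print("\n".join(exact_rules()))
```
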