Date: Mon, 14 Aug 2000 18:37:09 -0500 From: Gerd Knops <gerti@bitart.com> To: Mike Meyer <mwm@mired.org> Cc: questions@freebsd.org Subject: Re: Routing based on source IP? Message-ID: <20000814233710.12115.qmail@camelot.bitart.com> In-Reply-To: <14744.32653.437890.388308@guru.mired.org> References: <14744.32653.437890.388308@guru.mired.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Meyer wrote: > Gerd Knops writes: > > Hi everyone, > > Is it somehow possible to route based on source as well as > > destination address? > > man ipfw. > > > Ideally I would like to have 2 different default routes, based on > > the source IP-address. That would enable me to force routing > > through a specific gateway (=ISP). > > Note that for protection purposes, source routing is generally > frowned on, as it's to easily forged. You throw out packets from the > outside world claiming to come from the inside world, and otherwise > don't trust the source. > If I understand correctly, what I want isn't necessarily the same as the frowned upon 'source routing' (though I might be wrong). And as long as I make sure that no packets get into the system claiming to use one of it's IP-addresses (which typical firewall rules do anyway), noone should be able to abuse my routing gimmick from the outside. Thanks for the remarks, looks like I will give ipfw a shot as IPFilter doesn't seem to have that ability. Gerd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000814233710.12115.qmail>