Date: Thu, 12 Feb 1998 09:31:19 -0500 (EST)
From: Cliff Addy <fbsdlist@federation.addy.com>
To: freebsd-isp@FreeBSD.ORG
Subject: Re: FreeBSD firewall questions
Message-ID: <Pine.BSF.3.95q.980212091106.11372A-100000@federation.addy.com>

Thanks for all the input, guys, it was *very* enlightening. However, I think I've come up with a *much* simpler answer that works because of the way we're set up here.

The firewall machine is named odo, the router is wormhole, and my test server is tribble. All I did (in the brief experiment I tried) was to tell odo his default route is wormhole. Then I changed tribble's default route from wormhole to odo. Now, running a traceroute to freebsd.org, I get

 1  odo.addy.com (207.239.68.128)  0.556 ms  0.416 ms  0.411 ms
 2  wormhole.addy.com (207.239.68.1)  2.288 ms  2.161 ms  3.084 ms
 3  206.181.190.29 (206.181.190.29)  5.363 ms  3.590 ms  3.281 ms
 4  atl2-core2-h4-0.atlas.digex.net (165.117.52.1)  12.520 ms  49.487 ms
 .
 .
 etc.

If I read this right, all outgoing traffic is now being routed through odo and I can manipulate traffic with all my nifty tools. Of course, the one drawback I can see is that all traffic is transmitted on the ethernet segment twice, but I can live with that.

The only thing left would seem to be that I need to set wormhole to route inbound traffic to odo, but I'm sure I can figure out how to do that. Even if I can't, the real purpose of all this is to measure and meter outbound traffic, anyway.

My one concern is: what if odo dies? Can I set up the other FreeBSD machines to "fallback" to wormhole if odo cannot be contacted?
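
An added example, not part of the original message: a shell check that a host's traceroute really leaves through the firewall (odo) before the router (wormhole), so a client that still bypasses the firewall is caught. The function names check_path and sample_trace are hypothetical, and the sample lines are constructed from the output quoted in the message.

```shell
#!/bin/sh
# check_path FIREWALL_IP ROUTER_IP   (traceroute output on stdin)
# Returns 0 when hop 1 is the firewall and hop 2 is the router,
#         1 when the path bypasses the firewall or skips the router,
#         2 when hop 1 cannot be read (timeout or empty input).
check_path() {
    awk -v fw="$1" -v rt="$2" '
        # Hop lines start with the hop number; header lines do not.
        $1 ~ /^[0-9]+$/ {
            ip = ""
            # Usual form: hostname followed by the address in parentheses.
            for (i = 2; i <= NF; i++)
                if ($i ~ /^\([0-9.]+\)$/) {
                    ip = substr($i, 2, length($i) - 2)
                    break
                }
            # Numeric form (traceroute -n): the address is the second field.
            if (ip == "" && $2 ~ /^[0-9.]+$/) ip = $2
            if (ip != "") hop[$1] = ip
        }
        END {
            if (!(1 in hop)) exit 2
            if (hop[1] != fw) exit 1
            if (!(2 in hop) || hop[2] != rt) exit 1
            exit 0
        }'
}

# Constructed sample: the first three hops quoted in the message.
sample_trace() {
    cat <<'EOF'
 1  odo.addy.com (207.239.68.128)  0.556 ms  0.416 ms  0.411 ms
 2  wormhole.addy.com (207.239.68.1)  2.288 ms  2.161 ms  3.084 ms
 3  206.181.190.29 (206.181.190.29)  5.363 ms  3.590 ms  3.281 ms
EOF
}

# Stand-alone run against the sample; on a live host, pipe in the
# output of traceroute instead of sample_trace.
if sample_trace | check_path 207.239.68.128 207.239.68.1; then
    echo "outbound path goes through the firewall"
else
    echo "outbound path does NOT go through the firewall"
fi
```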