Date:      Thu, 26 Jul 2007 08:07:08 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Narek Gharibyan <ngharibyan@mail.ru>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Policy - based Routing problem Need help
Message-ID:  <46A8B89C.6090106@elischer.org>
In-Reply-To: <017001c7cf86$daa2ad10$180ca8c0@arm.synisys.com>
References:  <017001c7cf86$daa2ad10$180ca8c0@arm.synisys.com>

Narek Gharibyan wrote:
> Hi all,
> 
> I have a firewall/router with FreeBSD 6.2 installed on it. 2 ISP connections
> and 2 LAN connections. I need to do policy-based routing. All I need is that
> packets coming from one ISP interface return to that interface (incoming
> connections' source-based routing) and, on the other hand, to do IP-based routing
> from the LAN (some packets will go out via ISP 1, some others via ISP 2,
> depending on the IPs requested). I tried to do that with ipfw fwd but it didn't
> work in any way (e.g. with ip.forwarding enabled or not). I've even disabled my
> static routes, default gw. It just does nothing. Sample configs are
> 
> ipfw add fwd ISP_gw from ${my lan} to any via ${eif}
> ipfw add fwd ISP_gw from ${my lan} to any out via ${eif}
> ipfw add fwd ISP_gw from any to any xmit ${eif}
> 
> ipfw add fwd ISP_gw from any to any via ${eif} out
> 
> I don't use nat, proxy. Just need to route.

Not using NAT is a problem, because packets from the
internet will all want to come back to you on only one
of the interfaces.

Usually what is done is to NAT on both interfaces, and
use BGP or something to decide which interface is the most efficient
for the packet to go out on. The return packet
will come back the same way due to the NATing.

>
> Please help
>
> Regards,
> 
> Narek

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46A8B89C.6090106>
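
The arrangement described in the reply above (NAT on both uplinks, so that replies return the way they left), sketched as an added example that is not part of the original thread. Interface names, addresses, divert ports, rule numbers and the destination list are constructed; it assumes a kernel built with IPDIVERT and IPFIREWALL_FORWARD, a default route via ISP 1, one natd per uplink, and a static destination list in place of BGP.

```sh
#!/bin/sh
# Added example; every name and address below is constructed.
# Assumed natd instances, one per uplink:
#   natd -p 8668 -n fxp0     # aliases to the ISP 1 address
#   natd -p 8669 -n fxp1     # aliases to the ISP 2 address
IPFW="${IPFW:-echo ipfw}"    # dry run by default; set IPFW=/sbin/ipfw to apply

lan="192.168.1.0/24"
if1="fxp0"; ip1="192.0.2.10";    gw1="192.0.2.1";    nat1=8668  # ISP 1 (default route)
if2="fxp1"; ip2="198.51.100.10"; gw2="198.51.100.1"; nat2=8669  # ISP 2
via_isp2="203.0.113.0/24"    # destinations that should leave through ISP 2

build_rules() {
    # 1. Packets arriving on an uplink go to that uplink's natd to be de-aliased.
    $IPFW add 1000 divert $nat1 ip from any to $ip1 in recv $if1
    $IPFW add 1010 divert $nat2 ip from any to $ip2 in recv $if2

    # 2. Outbound LAN traffic: the destination selects the natd instance, so the
    #    packet leaves carrying that ISP's address as its source. The routing
    #    table has already picked fxp0 here because the default route is ISP 1.
    $IPFW add 2000 divert $nat2 ip from $lan to $via_isp2 out
    $IPFW add 2010 divert $nat1 ip from $lan to any out xmit $if1

    # 3. Source-based next hop: anything sourced from an uplink address is
    #    handed to that uplink's gateway. This covers the NATed LAN traffic and
    #    the router's own replies to connections that came in on that uplink.
    $IPFW add 3000 fwd $gw1 ip from $ip1 to any out
    $IPFW add 3010 fwd $gw2 ip from $ip2 to any out

    $IPFW add 65000 allow ip from any to any
}

build_rules
```

Because each flow leaves with the source address of the ISP it was sent through, the remote end addresses its replies to that ISP's address and they arrive on the matching interface.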