From: Julian Elischer
Date: Sun, 06 May 2007 13:15:58 -0700
To: Jason Hills
Cc: ipfw@freebsd.org
Subject: Re: Policy Routing natd+ipfw
Message-ID: <463E377E.2000300@elischer.org>
In-Reply-To: <33910a2c0705041812s2aaf0b62t785e16abc0decee6@mail.gmail.com>
List-Id: IPFW Technical Discussions

Jason Hills wrote:
> Hello.
>
> How can I do policy routing with ipfw+natd?
>
> I started 2 natd processes, using natd.conf and natd2.conf
> respectively, but things don't work.
>
> My rules are:
>
> ext_ifi1="em0"
> ext_ifi2="em1"
>
> divert 8668 ip from $net1 to any out via $ext_if1
> divert 8669 ip from $net2 to any out via $ext_if2
>
> divert 8668 ip from any to any via $ext_if1
> divert 8669 ip from any to any via $ext_if2
>
> My defaultrouter is the one on $ext_if1.
>
> It works for port 8668 but doesn't work for 8669 (the second xDSL link)

What version of FreeBSD?

In -current you can implement a routing table via FWD and tables.
In 6.x you need to specify the next hop, and a more explicit rule.

The fwd rule is a terminal rule (processing does not continue). However, while divert is a terminal rule, natd reinjects the packet back into the firewall at the rule number AFTER the rule that did the divert, so you can treat it as if it were non-terminating.

This means that you need to do the NAT before you do the FWD.

julian
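A ruleset that follows the ordering Julian describes (NAT via divert first, then a next-hop fwd for the second link), written as an added example that is not from the thread. Interface names, the LAN networks, the 203.0.113.x addresses and the rule numbers are assumed placeholders; natd is assumed to be listening on 8668 for em0 and on 8669 started with `-n em1`.

```shell
#!/bin/sh
# Added example, not from the thread: a second uplink on 6.x-style ipfw,
# where fwd needs an explicit next hop. Interfaces, networks and the
# addresses on the second link are assumed placeholders; natd is assumed
# to be listening on 8668 (for em0) and 8669 (started with -n em1).
ext_if1="em0"; ext_if2="em1"
net1="192.168.1.0/24"; net2="192.168.2.0/24"   # assumed LAN networks
ext_ip2="203.0.113.2"                          # assumed address of em1
gw2="203.0.113.1"                              # assumed next hop on em1

# With IPFW_DRYRUN set the rules are printed instead of loaded, so the
# ordering can be inspected on a box without ipfw.
ipfw_rule() {
    if [ -n "${IPFW_DRYRUN:-}" ]; then
        echo "ipfw add $*"
    else
        ipfw add "$@"
    fi
}

load_rules() {
    # Replies: un-NAT whatever arrives on each uplink.
    ipfw_rule 100 divert 8668 ip from any to any in recv "$ext_if1"
    ipfw_rule 110 divert 8669 ip from any to any in recv "$ext_if2"
    # Outbound, NAT first. The routing table sends net2's traffic towards
    # the default link; divert hands it to the second natd, which
    # reinjects it at the rule after this one, so processing continues.
    ipfw_rule 200 divert 8669 ip from "$net2" to any out xmit "$ext_if1"
    ipfw_rule 210 divert 8668 ip from "$net1" to any out xmit "$ext_if1"
    # Only now policy-route. fwd is terminal, so nothing after it runs
    # for the packet; a fwd before rule 200 would have skipped the NAT.
    # Matching on xmit em0 means the rerouted packet, which now leaves
    # via em1, is not matched a second time.
    ipfw_rule 300 fwd "$gw2" ip from "$ext_ip2" to any out xmit "$ext_if1"
    ipfw_rule 65000 allow ip from any to any
}

case "${1:-}" in
    load) load_rules ;;                 # program the kernel
    *)    IPFW_DRYRUN=1 load_rules ;;   # default: just show the order
esac
```

Run without arguments to print the rules in order; run with `load` on the gateway itself to install them.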