Date:      Sun, 06 May 2007 13:15:58 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Jason Hills <jazzhills@gmail.com>
Cc:        ipfw@freebsd.org
Subject:   Re: Policy Routing natd+ipfw
Message-ID:  <463E377E.2000300@elischer.org>
In-Reply-To: <33910a2c0705041812s2aaf0b62t785e16abc0decee6@mail.gmail.com>
References:  <33910a2c0705041812s2aaf0b62t785e16abc0decee6@mail.gmail.com>

Jason Hills wrote:
> Hello.
> 
> How can I do policy routing with ipfw+natd?
> 
> I started 2 natd processes, using natd.conf and natd2.conf
> respectively, but things don't work. My rules are:
> 
> ext_ifi1="em0"
> ext_ifi2="em1"
> 
> divert 8668 ip from $net1 to any out via $ext_if1
> divert 8669 ip from $net2 to any out via $ext_if2
> 
> divert 8668 ip from any to any via $ext_if1
> divert 8669 ip from any to any via $ext_if2
> 
> My defaultrouter is the one on $ext_if1.
> 
> It works for port 8668 but doesn't work for 8669 (the second xDSL link)
> 

what version of FreeBSD?

in -current you can implement a routing table via FWD and tables.
in 6.x you need to specify the next hop, and a more explicit rule.

the fwd rule is a terminal rule (processing does not continue); however,
while divert is a terminal rule, natd reinjects the packet back into the
firewall at the rule number AFTER the rule that did the divert,
so you can treat it as if it were non-terminating.

this means that you need to do the NAT before you do the FWD.

julian
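The ordering point in the reply above, as an added example that is not part of the thread: a small Python model of ipfw rule traversal in which fwd/allow/deny are terminal and a divert hands the packet to natd, which reinjects it at the rule after the divert. Two rulesets in ipfw syntax are walked with the same packet from the second LAN. The addresses (192.168.2.0/24, 198.51.100.2, 198.51.100.1), the natd behaviour (a single instance on port 8669 aliasing outgoing packets to the second link's address) and the omission of interface matching (`via`, `recv`, `xmit`) are all assumptions made for the model, not something the thread specifies.

```python
# Added example (not part of the thread): a small model of ipfw rule traversal
# that shows why the natd divert must precede the fwd rule on 6.x.
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed sample addresses; assumptions, not taken from the thread.
NET2 = "192.168.2.0/24"      # LAN that should leave through the second xDSL link
EXT2_ADDR = "198.51.100.2"   # address natd on port 8669 aliases outgoing packets to
GW2 = "198.51.100.1"         # next hop on the second link


@dataclass
class Packet:
    src: str
    dst: str
    direction: str = "out"
    next_hop: Optional[str] = None
    nat_applied: bool = False


@dataclass
class Rule:
    num: int
    action: str           # divert | fwd | allow | deny
    arg: Optional[str]    # divert port or fwd next hop
    src: str
    dst: str
    direction: Optional[str]


def parse_rule(line: str) -> Rule:
    """Parse the subset 'add N action [arg] ip from S to D [in|out]'."""
    t = line.split()
    if t[0] != "add":
        raise ValueError(line)
    num, action = int(t[1]), t[2]
    i, arg = 3, None
    if action in ("divert", "fwd"):
        arg, i = t[3], 4
    if t[i] != "ip" or t[i + 1] != "from" or t[i + 3] != "to":
        raise ValueError(line)
    direction = t[i + 5] if len(t) > i + 5 else None
    return Rule(num, action, arg, t[i + 2], t[i + 4], direction)


def addr_matches(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (addr_matches(rule.src, pkt.src) and addr_matches(rule.dst, pkt.dst)
            and rule.direction in (None, pkt.direction))


def natd(port: int, pkt: Packet) -> Packet:
    """Stand-in for the natd process on 'port' (assumption: only the 8669
    instance is modelled): outgoing packets get the second link's address."""
    if port == 8669 and pkt.direction == "out":
        return replace(pkt, src=EXT2_ADDR, nat_applied=True)
    return pkt


def run_firewall(rules: List[Rule], pkt: Packet) -> Tuple[Packet, Optional[int]]:
    """Walk rules in ascending number. fwd/allow/deny terminate processing;
    a divert hands the packet to natd, which reinjects it at the rule AFTER
    the one that diverted it, so the walk simply continues with the next rule."""
    rules = sorted(rules, key=lambda r: r.num)
    i = 0
    while i < len(rules):
        r = rules[i]
        if rule_matches(r, pkt):
            if r.action == "divert":
                pkt = natd(int(r.arg), pkt)
            elif r.action == "fwd":
                return replace(pkt, next_hop=r.arg), r.num
            else:  # allow / deny
                return pkt, r.num
        i += 1
    return pkt, None


def evaluate(ruleset: str, src: str, dst: str) -> Tuple[Packet, Optional[int]]:
    rules = [parse_rule(line) for line in ruleset.strip().splitlines()]
    return run_firewall(rules, Packet(src=src, dst=dst))


# NAT first, then fwd. The fwd rule must match the *aliased* source, because
# that is what natd reinjects at rule 200.
NAT_THEN_FWD = f"""
add 100 divert 8669 ip from {NET2} to any out
add 200 fwd {GW2} ip from {EXT2_ADDR} to any out
add 65000 allow ip from any to any
"""

# fwd first: it is terminal, so rule 200 is never reached and the packet
# leaves for the second gateway with its private source address intact.
FWD_THEN_NAT = f"""
add 100 fwd {GW2} ip from {NET2} to any out
add 200 divert 8669 ip from {NET2} to any out
add 65000 allow ip from any to any
"""

if __name__ == "__main__":
    for name, rs in (("NAT then fwd", NAT_THEN_FWD), ("fwd then NAT", FWD_THEN_NAT)):
        pkt, num = evaluate(rs, "192.168.2.10", "203.0.113.7")
        print(f"{name}: stopped at rule {num}, src={pkt.src}, "
              f"next_hop={pkt.next_hop}, nat_applied={pkt.nat_applied}")
```

The second ruleset stops at rule 100 with the 192.168.2.10 source untouched, which is the symptom of putting fwd ahead of the divert; the first reaches the fwd only after natd has rewritten the source, so the rule matching on the post-NAT address is the one that has to carry the next hop.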