Date:      Tue, 10 Jun 2008 10:53:18 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Rosli Sukri <roslisukri@gmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw route to multigateways
Message-ID:  <484EBF8E.3030006@elischer.org>
In-Reply-To: <adc951fe0806100759m26ddc460je9c3eb3fd523c494@mail.gmail.com>
References:  <adc951fe0806100759m26ddc460je9c3eb3fd523c494@mail.gmail.com>

Rosli Sukri wrote:
> hi
> 
> scenario:
> users---->[lan]freebsdipfw[wan]----->{gw1,gw2}
> where gw1 goes to isp1, and gw2 goes to isp2.

Easily done, but how do you ensure the return packets come back the
same way?

> 
> 
> requirements:
> ftp, http, https traffic goes to gw1
> telnet, ssh, mail and pop goes to gw2

In -current there are several ways to do this,
including:
* multiple routing tables
   use a firewall rule to assign incoming packets to different routing
   tables for forwarding (setfib) (-current only)
* Forward rule
   ipfw add 100 fwd tablearg ip from IP1 to "table(1)" in recv xx0
   ipfw add 101 fwd tablearg ip from IP2 to "table(2)" in recv xx0
   and add routing entries into each table
   * or just use a single address if you don't need a table:
     ipfw add 100 fwd ISP1 ip from IP1 to any in recv xx0
     ipfw add 101 fwd ISP2 ip from IP2 to any in recv xx0

* natd..
   I'm not an expert in this but it can do some of this

* a combination of the above
   Natd can be used to NAT your outgoing packets so that the return
   packets come back the same way: either only NAT the packets to one
   ISP or NAT them both with different NAT instances. Use a fwd rule or
   setfib rule to decide which ISP to use, and limit the NAT to
   processing packets in or out of that interface.

> 
> can freebsd ipfw do this?
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
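
Added example (not part of the original message and not FreeBSD project code): a dry-run generator for the single-address fwd form above, selecting the gateway by destination port as the question asks, and refusing to emit rules when a port is assigned to both gateways, since ipfw's first-match order would otherwise send it to gw1 silently. The interface name, gateway addresses, rule numbers and function names are assumptions; it covers only the outbound choice, so the return path still needs the NAT described in the reply.

```sh
#!/bin/sh
# Constructed placeholders: adjust to the real interface and next hops.
LAN_IF="em1"                # assumed LAN-facing interface
GW1="192.0.2.1"             # assumed ISP1 next hop (documentation range)
GW2="198.51.100.1"          # assumed ISP2 next hop (documentation range)
GW1_PORTS="21,80,443"       # ftp (control channel only), http, https
GW2_PORTS="23,22,25,110"    # telnet, ssh, mail, pop

# valid_ports LIST: succeed only for comma-separated ports in 1..65535.
valid_ports() {
    [ -n "$1" ] || return 1
    case "$1" in *[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    for p in $(echo "$1" | tr ',' ' '); do
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# overlap A B: print every port of list A that also appears in list B.
overlap() {
    for p in $(echo "$1" | tr ',' ' '); do
        case ",$2," in *",$p,"*) echo "$p" ;; esac
    done
}

# gen_rules: print the rules for review; nothing is loaded into ipfw here.
gen_rules() {
    valid_ports "$GW1_PORTS" && valid_ports "$GW2_PORTS" || {
        echo "invalid port list" >&2; return 1; }
    dup=$(overlap "$GW1_PORTS" "$GW2_PORTS")
    [ -z "$dup" ] || {
        echo "port(s) assigned to both gateways: $dup" >&2; return 1; }
    # Match only packets arriving from the LAN, so replies are not re-forwarded.
    echo "ipfw add 100 fwd $GW1 tcp from any to any dst-port $GW1_PORTS in recv $LAN_IF"
    echo "ipfw add 101 fwd $GW2 tcp from any to any dst-port $GW2_PORTS in recv $LAN_IF"
}

gen_rules
```

Passive-mode FTP data connections use other ports and will not match rule 100; they follow the default route unless handled separately.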



