Date:      Mon, 15 Sep 2003 15:06:42 +0200 (CEST)
From:      Christian Kratzer <ck@cksoft.de>
To:        Martin Bartelds <bts@iae.nl>
Cc:        "ipfw@freebsd.org" <ipfw@freebsd.org>
Subject:   Re: IPFW/routing wishes
Message-ID:  <20030915150519.O3146@vesihiisi.cksoft.de>
In-Reply-To: <200309151438.1937858.6@btsoftware.com>
References:  <200309151438.1937858.6@btsoftware.com>

Hi,

On Mon, 15 Sep 2003, Martin Bartelds wrote:

> What I do seriously miss in FreeBSD is the possibility to have NATD active
> on more than 1 network address/card and do packet routing based
> on packet information.
>
> For example: All external network interfaces X and Y serving their own requests,
> routing all traffic from the firewall's system to interface X and all
> other traffic (i.e. from the internal network) to interface Y.
>
> The activation mechanism (the rules) of IPFW and NATD seem to
> be integrated with the actual firewall. Understandable, because once
> matching has been done, the FW rule can be applied easily. Activation
> of NATD handling is done with the divert as a result of the matching mechanism.
>
> Running 2 NATD's is possible, but ends up with the wrong "source"
> address in the packets supposed to go to one of the cards.
> I.e. one NATD works fine, the other creates packets with the wrong source
> address going to the wrong outgoing network card (and as such have
> conflicts with the firewall rules, apart from going to the wrong card and
> as such abusing the ISP).
[snip]

I have successfully run multiple natds on different outside interfaces
and had absolutely no problems in doing so.

Of course you need two different divert ports, but the configuration
was pretty trivial.

Can you show a specific config you had problems with?

Greetings
Christian

-- 
CK Software GmbH
Christian Kratzer,         Schwarzwaldstr. 31, 71131 Jettingen
Email: ck@cksoft.de
Phone: +49 7452 889-135    Open Software Solutions, Network Security
Fax:   +49 7452 889-136    FreeBSD spoken here!
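
The arrangement the reply describes (one natd per outside interface, each on its own divert port), as an added example that is not part of the original message and is not the poster's configuration. The helper name `gen_multi_natd`, the interface names, the port numbers and the rule numbers are assumptions; the script only prints the commands and refuses a divert port or interface that is listed twice.

```shell
#!/bin/sh
# Added example: print (do not execute) natd and ipfw commands for several
# outside interfaces, giving each interface its own natd and divert port.
# gen_multi_natd is a hypothetical helper; names and numbers are assumed.

# usage: gen_multi_natd FIRST_RULE_NUMBER IFACE:PORT [IFACE:PORT ...]
gen_multi_natd() {
    rule=$1; shift
    seen_ports=" "; seen_ifaces=" "; out=""
    for pair in "$@"; do
        case $pair in
            *:*) ;;
            *) echo "expected IFACE:PORT, got '$pair'" >&2; return 1 ;;
        esac
        iface=${pair%%:*}
        port=${pair##*:}
        case $port in
            ''|*[!0-9]*) echo "bad divert port in '$pair'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "divert port out of range in '$pair'" >&2; return 1
        fi
        # Two natd instances cannot share a divert port, and one interface
        # should be aliased by exactly one instance.
        case $seen_ports in
            *" $port "*) echo "divert port $port listed twice" >&2; return 1 ;;
        esac
        case $seen_ifaces in
            *" $iface "*) echo "interface $iface listed twice" >&2; return 1 ;;
        esac
        seen_ports="$seen_ports$port "
        seen_ifaces="$seen_ifaces$iface "
        # natd: -p is the divert port, -n the interface whose address is used.
        out="${out}natd -p $port -n $iface
"
        # ipfw: hand packets crossing that interface to the matching natd.
        out="${out}ipfw add $rule divert $port ip from any to any via $iface
"
        rule=$((rule + 10))
    done
    printf '%s' "$out"
}

# Constructed sample: two outside interfaces (placeholder names and ports).
gen_multi_natd 100 fxp0:8668 fxp1:8669
```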


