Date:      Wed, 23 May 2007 17:26:31 +0400
From:      "Walery Kokarev" <w65l76@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   NAT and forward
Message-ID:  <f9e6f2c60705230626k419908f9nc72b7e61928d5d3d@mail.gmail.com>

For a long time we had one internet provider, but now we have two.
I have to put some of the traffic from one ISP to another judging by
the user IP.
At the same time certain users should still access internet via old ISP.

So I decided to do it on our gateway.
1) translate source ip address;
2) change next-hop of traffic destined for new ISP appropriately.
Default route left intact and looks to the old ISP.

By now I am doing it that way.
1) use "ipfw divert natd" to assign our address from new ISP's pool;
2) use "ipfw fwd" for policy routing.

It works just fine, but this approach is inconvenient because the
details of NAT are hidden.
I can not see what translations are active.
And I can not see the past:
- what was translated?
- how it was translated?
- when it was started and finished?
- how much traffic it took?

The log (enabled by the -log option) doesn't give me much idea about what's
going on. Actually it shows only aliasing statistics.

ipnat was another option, but I failed to figure out whether it is possible to
change the next-hop address using ipf.

I am thinking about collecting packet headers using tcpdump instead of
log to analyze them later.

All that happens under FreeBSD 7.0-CURRENT-200702 i386


So, roundup:
1) is it possible to change next-hop using ipf?
2) is it possible to see what natd is doing?

