Date: Thu, 02 Aug 2007 18:14:36 -0700
From: Julian Elischer
To: Rudy Setiawan
Cc: freebsd-ipfw@freebsd.org
Subject: Re: redirect traffic based on destination port to another interface

Rudy Setiawan wrote:
> Hi,
>
> I am trying to do a traffic redirection based on destination port to
> another interface/gateway.
> Currently, I have a freebsd box that does simple NAT and an Internet connection.
> I am planning to install another internet connection and use the same
> box to do some traffic redirection.
>
>
> INTERNET1 -------- freebsd box ------- INTERNET2
>                         |
>                         |
>                Local Area Network
>
> LAN = 192.168.10.0/24 with interface em0
> INTERNET1-GW = x.x.x.1 with em1
> INTERNET2-GW = y.y.y.1 with rl0
>
> My goal is to redirect any ssh traffic to INTERNET2-GW and I assume
> that if it can be redirected through INTERNET2-GW then the packets
> return will go through INTERNET2-GW also.
>

no, unless you first NAT the packets with the address of that interface.
(otherwise the packets will come back through your primary network).

if you have cheap dlink or linksys or whatever DSL routers or whatever
with NAT on them then you can use that successfully and just use
ipfw 'fwd' rules to select the interface to use.

> Is it possible to do that way with ipfw or natd?

yes but you need both forwarding and nat..

>
> Thank you
>
> Regards,
> Rudy
>
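
Added example, not part of the original message: a dry-run shell sketch of the "forwarding and NAT" combination from the reply, for the case where the FreeBSD box itself does the NAT for the second uplink. The rl0 address `y.y.y.2`, the divert ports, the rule numbers and the function names are assumptions; `y.y.y.1` is the elided gateway from the post.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: commands are only
# printed. Set APPLY=1 on the FreeBSD box (as root) to execute them.
LAN_NET="192.168.10.0/24"          # LAN behind em0, from the post
WAN1_IF="em1"                      # INTERNET1, carries the default route
WAN2_IF="rl0"                      # INTERNET2
WAN2_GW="${WAN2_GW:-y.y.y.1}"      # INTERNET2-GW, elided in the post
WAN2_ADDR="${WAN2_ADDR:-y.y.y.2}"  # assumed placeholder: rl0's own address

# Print a command; execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Emit the NAT + fwd rules that send one TCP destination port via INTERNET2.
second_uplink_rules() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # One natd per uplink, each listening on its own divert port.
    run natd -p 8668 -n "$WAN1_IF"
    run natd -p 8669 -n "$WAN2_IF"
    # 100: routing still points at em1, so catch the selected traffic there
    #      and rewrite its source to rl0's address (second natd).
    run ipfw -q add 100 divert 8669 tcp from "$LAN_NET" to any "$port" out via "$WAN1_IF"
    # 110: anything now sourced from rl0's address leaves via INTERNET2-GW.
    run ipfw -q add 110 fwd "$WAN2_GW" ip from "$WAN2_ADDR" to any out
    # 120: replies arrive on rl0 for rl0's address; the same natd undoes the NAT.
    run ipfw -q add 120 divert 8669 ip from any to "$WAN2_ADDR" in via "$WAN2_IF"
    # 200: all remaining traffic keeps using the primary NAT on em1.
    run ipfw -q add 200 divert 8668 ip from any to any via "$WAN1_IF"
}

second_uplink_rules 22   # ssh, as in the question
```

Applying it for real needs a kernel with divert and ipfw forwarding support. If a NAT rule for em1 already exists, it has to stay numbered after rules 100 to 120, otherwise the ssh packets are translated to the em1 address before the fwd rule sees them.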