Date:      Sat, 23 Apr 2005 09:30:16 -0500
From:      Ash <omniBSD@speakeasy.net>
To:        Alexandr Lookoshkoff <alcr@inbox.ru>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Two natd daemons
Message-ID:  <426A5BF8.10505@speakeasy.net>
In-Reply-To: <141232174.20050422120552@inbox.ru>
References:  <141232174.20050422120552@inbox.ru>

Alexandr Lookoshkoff wrote:
> Hello freebsd-questions,
> 
>   I have a gateway with two external links and want some users to use the
>   second link. How can it be done?
> 
>   Is it possible via two copies of natd running?
> 

What you are asking involves making a routing decision based on the 
source IP (sometimes called Policy Based Routing or Source Based 
Routing, depending on the vendor). IP Routing decisions are typically 
based on the destination address, not the source. What you want is some 
mechanism that will make route decisions based on the source address 
(i.e. packets with a source address from network A get routed out of 
interface 1 to gateway 1, while packets from network B get routed out 
of interface 2 to gateway 2).

I haven't used ipfw/natd in years, so I honestly don't know if natd/ipfw 
will allow you to do what you want. However, I do know that Packet 
Filter (pf(4) ported over to FreeBSD from OpenBSD) will allow you to do 
this. Check out pf.conf(5)'s man page and do a search for "route-to". 
You might want to check out Peter N. M. Hansteen's "Firewalling with 
OpenBSD's PF packet filter":

http://www.bgnett.no/~peter/pf/en/long-firewall.html

As well as the official user's guide:

ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.txt

Good luck to you,
-Ash
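
The route-to mechanism Ash points at, sketched as an added pf.conf example that is not part of the original message: two uplinks, one LAN, and a small set of hosts that should leave via the second link. The interface names, gateway and LAN addresses, and the host list are assumed placeholders; the kernel must also have IP forwarding enabled (sysctl net.inet.ip.forwarding=1).

```pf
# Added example, not from the original thread. All names/addresses are assumed.
ext_if1 = "em0"                      # uplink 1 (holds the default route)
ext_if2 = "em1"                      # uplink 2
int_if  = "em2"                      # internal LAN
gw1     = "192.0.2.1"                # next hop on uplink 1 (documentation range)
gw2     = "198.51.100.1"             # next hop on uplink 2 (documentation range)
lan     = "10.0.0.0/24"
lan_b   = "{ 10.0.0.50, 10.0.0.51 }" # users that should leave via uplink 2

# Source address is rewritten to whichever uplink the packet actually leaves on,
# so a single pf instance covers both links (no second natd needed).
nat on $ext_if1 from $lan to any -> ($ext_if1)
nat on $ext_if2 from $lan to any -> ($ext_if2)

# Default deny; reject spoofed source addresses on the LAN side.
block log all
antispoof quick for $int_if

# Let the gateway itself talk out of both uplinks, and let LAN traffic out.
pass out on $ext_if1 keep state
pass out on $ext_if2 keep state

# Everyone on the LAN is allowed out; this rule is matched first ...
pass in on $int_if from $lan to any keep state

# ... but pf uses last-match-wins (unless "quick"), so this later, more specific
# rule overrides it for group B and forces the next hop to gateway 2 on
# uplink 2, bypassing the routing table's destination-based decision.
pass in on $int_if route-to ($ext_if2 $gw2) from $lan_b to any keep state
```

Check the loaded rules with `pfctl -sr` and confirm with `pfctl -ss` that states for a group B host show $ext_if2 as the outbound interface; if they show $ext_if1, the route-to rule is being shadowed by a later rule.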