Policy Routing natd+ipfw

Julian Elischer julian at elischer.org
Sun May 6 20:15:58 UTC 2007


Jason Hills wrote:
> Hello.
> 
> How can I do policy routing with ipfw+natd?
> 
> I started 2 natd processes, using natd.conf and natd2.conf
> respectively, but things don't work. My rules are:
> 
> ext_ifi1="em0"
> ext_ifi2="em1"
> 
> divert 8668 ip from $net1 to any out via $ext_if1
> divert 8669 ip from $net2 to any out via $ext_if2
> 
> divert 8668 ip from any to any via $ext_if1
> divert 8669 ip from any to any via $ext_if2
> 
> My defaultrouter is the one on $ext_if1.
> 
> It works for port 8668 but doesn't work for 8669 (the second xDSL link)
> 

What version of FreeBSD?

In -current you can implement a routing table via FWD and tables.
In 6.x you need to specify the next hop and a more explicit rule.

The fwd rule is a terminal rule (processing does not continue). However,
while divert is a terminal rule, natd reinjects the packet back into the
firewall at the rule number AFTER the rule that did the divert,
so you can treat it as if it was non-terminating.

This means that you need to do the NAT before you do the FWD.



julian
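One way to lay out a two-link ruleset with that ordering, as an added example that is not from the thread: the interface names, networks, the link-2 public address and the link-2 next hop are constructed placeholders, and the fwd rule is given an explicit next hop as the 6.x recipe above requires.

```shell
#!/bin/sh
# Added example, not from the original thread: two natd instances, one per
# link, with NAT done before fwd. All addresses below are placeholders.
ext_if1="em0"            # link 1, carries the default route
ext_if2="em1"            # link 2, the second xDSL line
net1="192.168.1.0/24"    # hosts that should leave via link 1
net2="192.168.2.0/24"    # hosts that should leave via link 2
ip2="203.0.113.10"       # public address natd 8669 puts on link-2 traffic
gw2="203.0.113.1"        # next hop on link 2 (6.x needs it spelled out)

# Print the ruleset in the syntax ipfw(8) reads from a file.
# divert is terminal for the matching rule, but natd reinjects the
# translated packet at the rule AFTER the divert rule; fwd really is
# terminal, so the outbound divert rules are numbered below the fwd rule
# and the fwd rule matches the already-translated source address.
rules() {
    cat <<EOF
add 100 divert 8668 ip from any to any in via $ext_if1
add 110 divert 8669 ip from any to any in via $ext_if2
add 200 divert 8668 ip from $net1 to any out
add 210 divert 8669 ip from $net2 to any out
add 300 fwd $gw2 ip from $ip2 to any out
add 65000 allow ip from any to any
EOF
}

# Return 0 when every outbound divert rule sits below the fwd rule,
# i.e. the reinjected (translated) packet still reaches the fwd rule.
nat_before_fwd() {
    rules | awk '
        BEGIN { maxdiv = 0; fwd = 0 }
        /^add [0-9]+ divert .* out/ { if ($2 + 0 > maxdiv) maxdiv = $2 + 0 }
        /^add [0-9]+ fwd /          { fwd = $2 + 0 }
        END { exit !(maxdiv > 0 && fwd > maxdiv) }'
}

# Flush and load the ruleset; refuse to load if the ordering is wrong.
load_rules() {
    nat_before_fwd || { echo "fwd rule precedes the NAT rules" >&2; return 1; }
    ipfw -q -f flush && rules | ipfw -q /dev/stdin
}
```

Run `load_rules` as root on the gateway; `rules` alone prints the set for review without touching the firewall.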