Policy Routing natd+ipfw

Julian Elischer julian at elischer.org
Tue May 8 00:04:25 UTC 2007


Kirk Davis wrote:
>  
> Julian Elischer wrote:
>> in -current you can implement a routing table via FWD and tables.
>> in 6.x you need to specify the next hop, and a more explicit rule.
> 
>    Is there any information floating around on how to do this in current
> using the FWD rules and tables? Any pointer on where to look.

man ipfw on -current

basically you can implement alternate routing tables..

ipfw table 1 add 0.0.0.0/0 4.5.6.7 # default route for table 1
ipfw table 1 add 2.3.4.0/24 5.4.3.2 # but not for packets to 2.3.4.x
ipfw table 2 add 0.0.0.0/0 7.6.5.4 # default route for table 2
ipfw table 2 add 2.3.4.0/24 6.5.4.3 # but different route for packets to 2.3.4.x



ipfw add 100 allow ip from 1.2.3.0/24 to any out
ipfw add 110 fwd tablearg ip from 1.2.4.0/24 to table(1) out
ipfw add 120 fwd tablearg ip from 1.2.5.0/24 to table(2) out






> 
>    Right now I am using fwd rules on our BGP router (Quagga & FreeBSD
> 6.2) to force one of our subnets out a particular interface and avoid
> the routing table but I would prefer to do it more like a dual routing
> table where I can make more routing decisions than just forcing all
> packets from that subnet out the interface.  I could test it on one of
> our current boxes.
> 
>> julian
> 
> ---- Kirk
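
Added example, not part of the original message or of ipfw itself: a small Python model of how rules 100-120 and tables 1 and 2 above pick a next hop, using longest-prefix match for the table lookup and first-match for the rules. The names `table_lookup` and `decide` are hypothetical, and the `out` qualifier is not modelled.

```python
import ipaddress

# Constructed copy of the two tables from the message: prefix -> tablearg (next hop).
TABLES = {
    1: {"0.0.0.0/0": "4.5.6.7", "2.3.4.0/24": "5.4.3.2"},
    2: {"0.0.0.0/0": "7.6.5.4", "2.3.4.0/24": "6.5.4.3"},
}

# (rule number, source network, action, table number or None), in rule order.
RULES = [
    (100, "1.2.3.0/24", "allow", None),
    (110, "1.2.4.0/24", "fwd", 1),
    (120, "1.2.5.0/24", "fwd", 2),
]


def table_lookup(table, dst):
    """Longest-prefix match in one table; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in TABLES[table].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def decide(src, dst):
    """First matching rule wins; returns (rule number, action, next hop)."""
    source = ipaddress.ip_address(src)
    for num, srcnet, action, table in RULES:
        if source not in ipaddress.ip_network(srcnet):
            continue
        if action == "allow":
            # Accepted as-is: the kernel routing table picks the next hop.
            return (num, "allow", None)
        hop = table_lookup(table, dst)
        if hop is not None:  # "to table(N)" only matches if dst is in the table
            return (num, "fwd", hop)
    # No rule here matched: the packet continues to later rules.
    return (None, "no match", None)


if __name__ == "__main__":
    for src, dst in [("1.2.4.10", "8.8.8.8"), ("1.2.4.10", "2.3.4.9"),
                     ("1.2.5.10", "2.3.4.9"), ("1.2.3.1", "2.3.4.9"),
                     ("10.0.0.1", "2.3.4.9")]:
        print(src, "->", dst, decide(src, dst))
```

The last sample source (10.0.0.1) matches none of the three rules, so which source networks fall through to the normal routing table is worth checking when reviewing a ruleset like this.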



More information about the freebsd-ipfw mailing list