Advanced routing option
Tom Judge
tom at tomjudge.com
Wed Oct 24 03:56:26 PDT 2007
tonix (Antonio Nati) wrote:
> Tom Judge wrote:
>> tonix (Antonio Nati) wrote:
>>> I'm using FreeBSD and Monowall on most of my servers.
>>>
>>> One limit I'm facing on both is the lack of an advanced routing feature.
>>>
>>> Would it be too complicated to modify the "route" sources (and probably
>>> the kernel tables) to implement a FROM parameter in the ADD command?
>>>
>>> route add 0.0.0.0/0 210.10.10.1
>>> route add FROM 200.1.1.0/24 0.0.0.0/0 210.10.10.10
>>> route add FROM 200.1.2.0/24 0.0.0.0/0 210.10.11.11
>>>
>>> A FROM option would improve routing capabilities and handling
>>> of multiple WAN connections a lot.
>>>
>>> Any comment?
>>>
>>> Tonino
>>>
>>
>> If you wish to do this type of policy routing you need to use one of
>> the firewalls as it can't be done in the routing table. PF can do
>> this easily with its route-to option.
>>
> I feel it is more a routing feature than a fw feature. I don't see
> extending routing tables (and relative routing checking) as so complicated.
>
> Tonino
It is not that it is not complicated. It is that it is _NOT_ _POSSIBLE_
to do this with the FreeBSD routing subsystem. You _MUST_ do this with
a firewall on FreeBSD.
Tom
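
The source-based routing asked about in this thread, written as PF route-to rules. This is an added example, not part of any message in the thread; the interface names (em0, em1, em2) and the assumption that each gateway sits behind its own interface are hypothetical, while the networks and gateways are the ones from the original question.

```conf
# Constructed pf.conf fragment. Interface names are assumptions.
int_if  = "em0"   # assumed: interface facing the 200.1.1.0/24 and 200.1.2.0/24 hosts
wan1_if = "em1"   # assumed: interface that reaches gateway 210.10.10.10
wan2_if = "em2"   # assumed: interface that reaches gateway 210.10.11.11

net_a = "200.1.1.0/24"
net_b = "200.1.2.0/24"
gw_a  = "210.10.10.10"
gw_b  = "210.10.11.11"

# The ordinary default route (210.10.10.1 in the question) stays in the
# kernel routing table; PF only overrides the next hop for matching packets.

# Traffic between the two internal networks is left to the routing table.
# "quick" stops evaluation here so the route-to rules below never match it.
pass in quick on $int_if from { $net_a, $net_b } to { $net_a, $net_b } keep state

# Equivalent of "route add FROM 200.1.1.0/24 0.0.0.0/0 210.10.10.10"
pass in on $int_if route-to ($wan1_if $gw_a) from $net_a to any keep state

# Equivalent of "route add FROM 200.1.2.0/24 0.0.0.0/0 210.10.11.11"
pass in on $int_if route-to ($wan2_if $gw_b) from $net_b to any keep state
```

The ruleset can be syntax-checked without loading it with `pfctl -nf /etc/pf.conf`.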