Advanced routing option

Tom Judge tom at tomjudge.com
Wed Oct 24 04:48:14 PDT 2007


tonix (Antonio Nati) wrote:
> Tom Judge wrote:
>> tonix (Antonio Nati) wrote:
>>> Tom Judge wrote:
>>>> tonix (Antonio Nati) wrote:
>>>>> I'm using FreeBSD and Monowall on most of my servers.
>>>>>
>>>>> One limit I'm facing on both is the lack of an advanced routing 
>>>>> feature.
>>>>>
>>>>> Would it be too complicated to modify the "route" sources (and probably 
>>>>> kernel tables) to implement a FROM parameter in the ADD command?
>>>>>
>>>>> route add 0.0.0.0/0   210.10.10.1
>>>>> route add FROM 200.1.1.0/24      0.0.0.0/0     210.10.10.10
>>>>> route add FROM 200.1.2.0/24      0.0.0.0/0     210.10.11.11
>>>>>
>>>>> A FROM option would greatly improve routing capabilities and handling 
>>>>> of multiple WAN connections.
>>>>>
>>>>> Any comment?
>>>>>
>>>>> Tonino
>>>>>
>>>>
>>>> If you wish to do this type of policy routing you need to use one of 
>>>> the firewalls as it can't be done in the routing table.  PF can do 
>>>> this easily with its route-to option.
>>>>
>>> I feel it is more a routing feature than a fw feature. I don't see 
>>> extending routing tables (and relative routing checking) as so complicated.
>>>
>>> Tonino
>>
>> It is not that it is not complicated.  It is that it is _NOT_ 
>> _POSSIBLE_ to do this with the FreeBSD routing subsystem.  You _MUST_ 
>> do this with a firewall on FreeBSD.
> Not possible with the ACTUAL routing subsystem, or not possible to 
> change the code to enhance the subsystem? I'm speaking about modifying 
> the code, if necessary.
> 
> Tonino
> 

Not possible with the current implementation. I don't know how 
feasible it is to add the support you want either.  You may want to ask 
on net@ to see if anyone there is actively working on this.

However if you are looking for a quick solution you should go the 
firewall route.

Tom
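
The PF route-to approach mentioned in this thread, written out for the three routes in the original question. This is an added example and not part of any message in the thread; the interface names (em0, em1, em2) and which WAN interface reaches which gateway are assumptions.

```pf
# Constructed pf.conf fragment. Assumed interface layout (not from the thread):
#   em0 = inside interface carrying 200.1.1.0/24 and 200.1.2.0/24
#   em1 = WAN link that reaches gateway 210.10.10.10
#   em2 = WAN link that reaches gateway 210.10.11.11
# The ordinary default route stays in the kernel routing table:
#   route add default 210.10.10.1
int_if  = "em0"
wan1_if = "em1"
wan2_if = "em2"
wan1_gw = "210.10.10.10"
wan2_gw = "210.10.11.11"
net_a   = "200.1.1.0/24"
net_b   = "200.1.2.0/24"

# Traffic between the two inside networks is not policy routed; it
# follows the normal routing table. "quick" stops evaluation here.
pass in quick on $int_if from { $net_a, $net_b } to { $net_a, $net_b } keep state

# Source-based next hop, the equivalent of the proposed
#   route add FROM 200.1.1.0/24 0.0.0.0/0 210.10.10.10
#   route add FROM 200.1.2.0/24 0.0.0.0/0 210.10.11.11
# route-to overrides the routing table lookup for matching packets;
# keep state makes the rest of each connection follow the same decision.
pass in quick on $int_if route-to ($wan1_if $wan1_gw) from $net_a to any keep state
pass in quick on $int_if route-to ($wan2_if $wan2_gw) from $net_b to any keep state

# Any other source arriving on the inside interface is not matched by a
# route-to rule and leaves via the kernel default route (210.10.10.1).
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`. If the ruleset has a default block policy, matching `pass out` rules on the WAN interfaces are also needed.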



More information about the freebsd-isp mailing list