Is Port Based Routing Possible?

Drew Tomlinson drew at mykitchentable.net
Sun Oct 19 17:31:20 PDT 2003


----- Original Message -----
From: "Michael C. Cambria" <mcc at fid4.com>
To: "Drew Tomlinson" <drew at mykitchentable.net>
Sent: Sunday, October 19, 2003 4:03 PM

> Drew Tomlinson wrote:
> > Is there a way to route traffic based on port?  Basically, I want to have
> > all traffic on port 8080 use the rl0 interface for its gateway and all other
> > traffic use dc0.  Here is a diagram of my network.
>
> Are you using ipfw?  If so, on your FreeBSD 4.8 machine, an 'fwd' rule
> should let you send anything you want that matches the rule out the port
> you want.  (This is called "policy routing", where your policy bypasses
> the routing database and does what you explicitly tell it to for a given
> set of traffic.)

Thanks for your reply.  I'm adding my network diagram for the benefit of
those that might find this message outside the context of the thread.

         Internet
             |
         Public IP
             |
       ADSL Modem/Router
        192.168.10.1
             |
            dc0
        192.168.10.2
             |
         FBSD 4.8 --------- rl0
             |         192.168.100.2
            dc1              |
             |         192.168.100.1
        192.168.1.2    Neighbor's AP
             |               |
        Internal LAN     Public IP
             |               |
        192.168.1.3       Internet
        Media Server


I am using ipfw and I've tried 'fwd' with no success.  The nat processor can
only redirect packets to addresses on its own subnet so I set it to forward
to 192.168.100.2 (rl0).  A 'fwd' rule here forwards the packet to
192.168.1.3 but the destination address on the packet remains 192.168.100.2
and the media server ignores the packet.  Running natd with a -redirect_port
switch on the rl0 interface actually rewrites the destination address to
192.168.1.3.  So this gets the packets processed by the media server.

The default route on the gateway is 192.168.10.1 (which is my DSL router).
Thus packets from the media server go out dc0.  I have added a 'fwd
192.168.100.1 from 192.168.1.3 8080 to any' rule in ipfw but no success.
I've also tried 192.168.100.2 but that didn't work either.  I'll have to run tcpdump on
the interface and see if I can tell exactly what's going on.  I suspect that
'fwd' might alter the packet so nat doesn't process it?

However adding a static entry (route add <client ip> 192.168.100.1) gets
the connection working.

> Of course, once out rl0, all machines "down stream" will have to do
> likewise unless their default route sends the packets on port 8080 to
> the right place.

After the packet leaves my FBSD gateway and is on my neighbor's network, his
Linksys router (192.168.100.1) should get it to the right place so I'm OK
there.

Thanks,

Drew
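For readers who find this thread later, here is a sketch of the ipfw/natd ruleset for the diagram above, showing where the 'fwd' (policy routing) rule has to sit relative to the natd divert rule. This is an added example, not Drew's or Michael's configuration; it assumes the addresses in the diagram, that natd is started with `natd -n rl0 -redirect_port tcp 192.168.1.3:8080 8080`, and that the kernel was built with IPFIREWALL, IPDIVERT and IPFIREWALL_FORWARD (without the last one, fwd rules are accepted but do nothing). By default the script only prints the rules; set APPLY=1 to actually run ipfw.

```shell
#!/bin/sh
# Policy-routing sketch for the thread's topology (example, not the poster's
# own ruleset). Addresses are taken from the diagram; everything else is an
# assumption. Rules are printed unless APPLY=1.

MEDIA=192.168.1.3          # media server on the internal LAN (dc1 side)
NEIGHBOR_GW=192.168.100.1  # neighbour's Linksys router, reachable via rl0
APPLY=${APPLY:-0}

# run_ipfw prints the rule and only executes the real binary when APPLY=1
run_ipfw() {
    echo "ipfw $*"
    if [ "$APPLY" = 1 ]; then
        ipfw "$@"
    fi
}

# natd_cmd is the natd invocation this ruleset expects on rl0: inbound
# connections to 192.168.100.2:8080 are rewritten to the media server.
natd_cmd() {
    echo "natd -n rl0 -redirect_port tcp $MEDIA:8080 8080"
}

# policy_rules emits the rules in the order ipfw must evaluate them
policy_rules() {
    # 1. NAT both directions on rl0: inbound dst rewrite (the -redirect_port)
    #    and outbound src rewrite back to rl0's address.
    run_ipfw add 100 divert natd ip from any to any via rl0
    # 2. Replies from the media server enter on dc1 with source port 8080.
    #    Catch them on the inbound pass, before the routing table would send
    #    them to the default route on dc0, and set the next hop to the
    #    neighbour's router. This is the policy-routing step.
    run_ipfw add 200 fwd "$NEIGHBOR_GW" tcp from "$MEDIA" 8080 to any in via dc1
    # 3. Those replies now leave via rl0, where rule 100 rewrites the source
    #    address; everything else still follows the routing table via dc0.
    run_ipfw add 65000 allow ip from any to any
}

# count_fwd returns how many fwd rules the set contains (used as a sanity check)
count_fwd() {
    policy_rules | grep -c ' fwd '
}
```

Run with `sh policy.sh` to see the rules, or `APPLY=1 sh policy.sh` on the gateway once natd is running; tcpdump on rl0 should then show the port-8080 replies with 192.168.100.2 as source.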
