Two natd daemons
Ash
omniBSD at speakeasy.net
Sat Apr 23 07:26:48 PDT 2005
Alexandr Lookoshkoff wrote:
> Hello freebsd-questions,
>
> I have a gateway with two external links and want some users to use the
> second link. How can it be done?
>
> Is it possible via two copies of natd running?
>
What you are asking involves making a routing decision based on the
source IP (sometimes called Policy Based Routing or Source Based
Routing, depending on the vendor). IP Routing decisions are typically
based on the destination address, not the source. What you want is some
mechanism that will make route decisions based on the source address
(i.e. packets with a source address from network A get routed out of
interface 1 to gateway 1, while packets from Network B get routed out
of interface 2 to gateway 2).

I haven't used ipfw/natd in years, so I honestly don't know if natd/ipfw
will allow you to do what you want. However, I do know that Packet
Filter (pf(4) ported over to FreeBSD from OpenBSD) will allow you to do
this. Check out pf.conf(5)'s man page and do a search for "route-to".

You might want to check out Peter N. M. Hansteen's "Firewalling with
OpenBSD's PF packet filter":

http://www.bgnett.no/~peter/pf/en/long-firewall.html

As well as the official user's guide:

ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.txt

Good luck to you,
-Ash
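
The following pf.conf sketch is an added example, not part of Ash's message or of either linked guide. It shows the source-based routing described above using "route-to" in FreeBSD's pf syntax. Interface names, networks and the gateway address are assumptions (documentation ranges).

```conf
# Constructed example: every name and address below is an assumption.
int_if  = "em0"            # internal interface
ext_if1 = "em1"            # first external link (system default route)
ext_if2 = "em2"            # second external link
ext_gw2 = "198.51.100.1"   # next hop on the second link
lan_net = "10.0.0.0/16"    # everything behind the gateway
users_b = "10.0.2.0/24"    # users that must leave via the second link

set skip on lo0

# NAT each connection to the address of the link it actually leaves on.
# One pf ruleset handles both links, so a second natd is not needed.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

# Default deny; everything below is an explicit exception.
block all

# Traffic addressed to the gateway itself must not be rerouted.
pass in quick on $int_if from $lan_net to $int_if keep state

# Source-based routing: packets from users_b are forced out the second
# link regardless of what the routing table says about the destination.
pass in quick on $int_if route-to ($ext_if2 $ext_gw2) \
    from $users_b to any keep state

# All other internal hosts follow the normal default route (first link).
pass in on $int_if from $lan_net to any keep state

# Replies to the LAN and outbound traffic on both external links.
pass out on $int_if from any to $lan_net keep state
pass out on { $ext_if1, $ext_if2 } keep state
```

Run `pfctl -nf /etc/pf.conf` to parse the ruleset without loading it. Because the routing decision is made on the inbound rule for the internal interface, the state entry keeps return traffic for users_b on the second link.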