On Thu, May 17, 2007 at 05:25:35PM -0700, Kurt Buff wrote:
> All,
>
> Wondering if the following scenario at all rational/feasible:
>
> [fw-a]-------
>             |
>             |
>          [switch]---[freebsd]---[router]---[many subnets]
>             |
>             |
> [fw-b]-------
>
> Fw-a fronts our current T1, and that ties our other two offices
> together with IPSec, and is our main inbound mail feed.
>
> Fw-b is soon to be installed, and will front a new T1.
>
> The lines are not bonded - they come from different vendors.
>
> I'd like to forward all individual user traffic (HTTP/FTP/other) out
> of the second T1, perhaps with the use of Squid/Frox, leaving our
> intra-corporate traffic to go in/out the current T1, and also email.

The easiest way is to use the route-to option in pf. When you pass the
traffic from the internal network you mark which link it should go out.

pass in quick on $int_if route-to ($fw_a_if $fw_a_ip) ... (some criteria)
pass in quick on $int_if route-to ($fw_b_if $fw_b_ip) ... (other criteria)

If you are also accepting connections in from the internet then you may
want to look at the reply-to option.

regards,
Andrew
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
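
A fuller pf.conf sketch of the route-to / reply-to split suggested above, added as an example and not part of Andrew's message. All interface names, addresses, networks and the mail server are constructed assumptions; it also assumes both firewalls sit on the one switch-side segment, as in the diagram, so the two links are told apart by next-hop address rather than by interface.

```pf
# --- Macros (all values are constructed placeholders) ---
int_if    = "em1"                 # toward [router] and the internal subnets
ext_if    = "em0"                 # toward [switch]; fw-a and fw-b share it
fw_a_ip   = "192.168.254.1"       # next hop fw-a: current T1, IPsec, mail
fw_b_ip   = "192.168.254.2"       # next hop fw-b: new T1
lan_net   = "10.0.0.0/16"         # subnets behind [router]
corp_nets = "{ 10.1.0.0/16, 10.2.0.0/16 }"   # the two remote offices
mail_srv  = "10.0.1.25"
user_ports = "{ http, https, ftp }"

# --- Inbound from the internet ---
# Mail arrives through fw-a; reply-to pins the answers to fw-a even if
# the routing table's default gateway is something else.
pass in quick on $ext_if reply-to ($ext_if $fw_a_ip) \
    proto tcp from any to $mail_srv port smtp keep state

# --- Outbound from the internal network ---
# Intra-corporate traffic and outgoing mail stay on the current T1.
pass in quick on $int_if route-to ($ext_if $fw_a_ip) \
    from $lan_net to $corp_nets keep state
pass in quick on $int_if route-to ($ext_if $fw_a_ip) \
    proto tcp from $mail_srv to any port smtp keep state

# Individual user traffic leaves through the new T1. Only the FTP
# control port is matched here; FTP data connections need a proxy
# such as Frox, as the original question anticipates.
pass in quick on $int_if route-to ($ext_if $fw_b_ip) \
    proto tcp from $lan_net to any port $user_ports keep state

# Anything not matched above follows the normal routing table.
pass in on $int_if from $lan_net to any keep state

# Packets redirected by route-to are still filtered on the way out.
pass out on $ext_if keep state
```

Because every routed rule uses quick, the first match decides the link, so the narrower criteria (corporate networks, mail) are listed before the broad user-traffic rule. The ruleset can be parsed without loading it using pfctl -nf /etc/pf.conf.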
