I am attempting to use IPFW (and either IPNAT or natd) to do the following:
I have two connections to the outside world coming in to my firewall.
em0 has a static ip and is going to a bridged DSL connection, then
bge1 has a static ip and is going to a a few bonded DS1s. bge0 goes to
my internal network. I am attempting to have NAT on both external
interfaces, and have most outbound traffic move across bge1, while
traffic from/to a particular internal system (We'll call it
internal_system for purposes of this message) to/from a particular
remote system (This we'll call remote_system) port 80 moves across
the DSL line on em0.
Here is an attempt at a pretty ascii picture
Here are the rules I've tried using in congunction with natd:
#Send incoming traffic to natd
00400 divert 8869 ip from any to any in via bge1
00450 divert 8868 ip from any to any in via em0
#Check for internal_system port 80 traffic
0600 skipto 900 from $internal_system to $remote_system 80
#Send Most Traffic out via bge1
00700 divert 8869 ip from $local_net to any in
00750 divert 8869 ip from $local_net to any out
#Send "special" traffic out via em0
00900 divert 8868 ip from $internal_system to $remote_system 80 in
00950 divert 8868 ip from $remote_system to $remote_system 80 out
#policy route to get traffic to the correct ISP
02000 fwd $isp2_gw ip from $isp2_ip to any
02500 fwd $isp1_gw ip from $isp1_ip to any
Two instances of natd are running, one on port 8868 with an alias
address of $isp1_ip, the other is on port 8869 with an alias address
With the above ipfw rules in place, a
$ping -S $isp2_ip google.com
Should result in a ping across em0 to google, however it acts as
though it cannot even reach the $isp2_gw.
I have been able to get everything to work exactly as I want it to
using pf on FreeBSD, but I've been told that ipfw is preferred within
Any suggestions would be greatly appreciated.
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"