Hello,
I'm trying to do some policy routing with an IPF box (NetBSD 1.6.x) to send some specific traffic for a host in and out via a different service provider, to save us some bandwidth charges. The service provider only supplies us with 1 IP address, so I'm NAT'ing that address from the firewall as follows:
in ipnat.conf:
rdr pppoe0 a.b.c.d/32 port 22 -> 1.2.3.4 port 22
The machine at 1.2.3.4 is multiaddressed, but it should (it's Linux, it may not do the right thing ...) send traffic out on the same IP that it received it on.
So, the firewall should get replies to it from 1.2.3.4, that I want to send back out of the pppoe0 interface, not the normal default route, and I also need to NAT it back to the a.b.c.d address (or the hosts trying to connect to it will get very confused ....)
The network looks like this:
ISP 1 ---- sip0 (no NAT)   \
                            NetBSD firewall - sip1 ---- server (1.2.3.4, 1.2.4.4)
ISP 2 ---- pppoe0 (NAT)    /
The firewall's default route is out via sip0 to ISP1, and 1.2.3.0/x and 1.2.4.0/x are real IP address ranges that are routed via sip0 on the firewall by ISP1.
My understanding of how to use IPF to do routing is a little sketchy; what I want to know is if I have IPF do route changes to send traffic from 1.2.3.4 out via pppoe0, will it also NAT that traffic using the rdr rule above? The box is in production and I don't want to break the firewall rules on it in testing this, so if anyone can make any suggestions for what IPF rule(s) I may need that would be great! It's IPF version v3.4.29.
I'm thinking something like this:
pass in quick on sip1 to pppoe0:<isp2 router> from 1.2.3.4
will that work in conjunction with this:
pass in quick on pppoe0 from any to 1.2.3.4 flags S/SA keep state
and
ipnat.conf: rdr pppoe0 a.b.c.d/32 port 22 -> 1.2.3.4 port 22
Or am I going the wrong way about this?
Thanks for any suggestions and advice,
Carl
--
=======================
Vivitec Pty. Ltd.
Suite 6, 51-55 City Rd.
Southbank, 3006.
Ph. +61 3 8626 5626
Fax +61 3 9682 1000
=======================
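Added example, not from Carl's post: one way the rule set for the topology above could be assembled so that only the replies of the rdr'd SSH sessions are policy-routed out ISP2, leaving the rest of 1.2.3.4's traffic on the default route. The `rdr` and `to iface:gw` forms are the ones used in the post; ISP2_GW is a placeholder for the ISP2 router address on pppoe0, and the port match and rule ordering are assumptions to be verified on a non-production box.

```text
# ipnat.conf (constructed example): publish SSH on ISP2's single address.
# The NAT table entry created by the rdr is what un-translates the replies.
rdr pppoe0 a.b.c.d/32 port 22 -> 1.2.3.4 port 22

# ipf.conf (constructed example)
# 1. New SSH sessions arriving via ISP2; the state entry lets the replies
#    back out pppoe0 without a separate outbound rule.
pass in quick on pppoe0 proto tcp from any to 1.2.3.4 port = 22 flags S/SA keep state

# 2. The server's replies arrive on sip1 and would otherwise follow the
#    default route out sip0, so force them out via ISP2's router instead.
#    Matching on source port 22 limits this to the rdr'd service's traffic;
#    ISP2_GW is a placeholder, not a real address.
pass in quick on sip1 to pppoe0:ISP2_GW proto tcp from 1.2.3.4 port = 22 to any
```

Whether the `to`-routed reply still passes through the rdr mapping on its way out pppoe0 is exactly the open question in the post; `ipnat -l` (active mappings) and `ipfstat -io` (loaded rules) are the checks to run on a test box before touching the production firewall.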
