I have some questions for anyone with some IPFW/IPFWCMP experience. NetFilter experience would be beneficial as well...
I have a BSDi box I'm trying to get to do some NAT-ing. In Linux 2.4 the NetFilter code incorporated the NAT subsystem previously requiring IP Route2 and/or queueing, etc... Could it be possible that IPFW (since it is supposed to be so good) manages this as well?

Here is the problem I am attempting to solve: BigIP loadbalancers from F5 Networks, configured as a Router/LB machine (as opposed to bridging). When accessing a Virtual IP (VIP) from one of the machines behind the BigIP, I am handed off to another node on the same subnet. That machine sees the Src address and attempts to respond directly, causing the triangle of death (the originating machine is expecting a response from the Virtual IP, not the node's real address). The BigIPs have a built-in NAT which will NAT the source address for any traffic from specified nodes going through the BigIPs, solving this problem but causing others... I need to be able to control the NAT so that it only NATs traffic which will go to another node on the same subnet.

In NetFilter I would do something like the following:

    iptables -t nat -A POSTROUTING -s <HOST OR SUBNET> -d <Same Subnet> -j SNAT --to-source <some outside address to force routing>

Thanks for any assistance you might be able to give. I know that IPFW is popular even on Linux, and I am hoping someone will be able to figure out my NetFilter translation :)

Matt
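The "triangle of death" and the effect of the two NAT policies (NAT everything from the nodes versus NAT only same-subnet hairpins) can be checked in a small routing model. The following is an added example, not code from the post and not BigIP, NetFilter or IPFW code: all addresses are constructed, and the model assumes only that a node delivers same-subnet traffic directly while sending everything else through the load balancer as its default gateway.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology: the LB sits as a router between an outside network and
# the server subnet; the VIP lives on the LB, the pool member and one caller on
# the server subnet, and an ordinary client outside.
SERVER_SUBNET = ipaddress.ip_network("10.0.1.0/24")
VIP = ipaddress.ip_address("192.0.2.10")              # virtual IP held by the LB
LB_INSIDE = ipaddress.ip_address("10.0.1.1")          # LB address on the server subnet
NODE = ipaddress.ip_address("10.0.1.20")              # pool member the LB hands off to
CLIENT_INSIDE = ipaddress.ip_address("10.0.1.30")     # machine behind the LB calling the VIP
CLIENT_OUTSIDE = ipaddress.ip_address("198.51.100.5") # normal client on the far side


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def snat_applies(pkt: Packet, mode: str) -> bool:
    """Source-NAT decision for the packet the LB forwards to the pool member.
    'none': never rewrite; 'all': rewrite every forwarded packet (the blanket
    'NAT traffic from these nodes' behaviour); 'same_subnet': rewrite only when
    source and new destination share the server subnet, which is what the
    POSTROUTING -s <subnet> -d <same subnet> SNAT rule expresses."""
    if mode == "none":
        return False
    if mode == "all":
        return True
    if mode == "same_subnet":
        return pkt.src in SERVER_SUBNET and pkt.dst in SERVER_SUBNET
    raise ValueError(f"unknown NAT mode {mode!r}")


def lb_inbound(pkt: Packet, mode: str) -> Packet:
    """Client -> VIP: the LB picks NODE (destination NAT) and may rewrite the source."""
    forwarded = Packet(src=pkt.src, dst=NODE)
    if snat_applies(forwarded, mode):
        forwarded = Packet(src=LB_INSIDE, dst=NODE)
    return forwarded


def node_reply(received: Packet) -> Packet:
    """The pool member answers whatever source address it saw."""
    return Packet(src=NODE, dst=received.src)


def route_from_node(reply: Packet) -> str:
    """Same-subnet destinations are reached directly (bypassing the LB);
    anything else, including the LB's own address, goes to the LB."""
    direct = reply.dst in SERVER_SUBNET and reply.dst != LB_INSIDE
    return "direct" if direct else "lb"


def lb_outbound(reply: Packet, client, snatted: bool) -> Packet:
    """Reply through the LB: undo the source NAT if one was applied and present the VIP."""
    return Packet(src=VIP, dst=client if snatted else reply.dst)


def session(client, mode: str) -> dict:
    """Run one request/reply round trip and report whether the caller accepts the
    reply (it must come back from the VIP) and whether the node saw the real client."""
    request = Packet(src=client, dst=VIP)
    to_node = lb_inbound(request, mode)
    snatted = to_node.src != client
    reply = node_reply(to_node)
    if route_from_node(reply) == "lb":
        reply = lb_outbound(reply, client, snatted)
    works = reply.dst == client and reply.src == VIP
    return {"works": works, "node_saw_client": to_node.src == client, "reply_src": str(reply.src)}


if __name__ == "__main__":
    for who, client in (("inside", CLIENT_INSIDE), ("outside", CLIENT_OUTSIDE)):
        for mode in ("none", "all", "same_subnet"):
            print(f"{who:8} {mode:12} {session(client, mode)}")
```

With no NAT the inside caller gets a reply straight from the node's real address and discards it; with blanket NAT every connection works but the node never sees a real client address; with the same-subnet rule only the hairpin case is rewritten and outside clients still appear with their own address on the node.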