Re: redirect traffic based on destination port to another interface
On 8/2/07, Julian Elischer <[EMAIL PROTECTED]> wrote:
> Rudy Setiawan wrote:
> > Hi,
> >
> > I am trying to do a traffic redirection based on destination port to
> > another interface/gateway.
> > Currently, I have a freebsd box that does simple NAT and an Internet
> > connection.
> > I am planning to install another internet connection and use the same
> > box to do some traffic redirection.
> >
> >
> > INTERNET1     freebsd box --- INTERNET2
> >                    |
> >                    |
> >            Local Area Network
> >
> > LAN = 192.168.10.0/24 with interface em0
> > INTERNET1-GW = x.x.x.1 with em1
> > INTERNET2-GW = y.y.y.1 with rl0
> >
> > My goal is to redirect any ssh traffic to INTERNET2-GW and I assume
> > that if it can be redirected through INTERNET2-GW then the packets
> > return will go through INTERNET2-GW also.
> >
>
> no, unless you first NAT the packets with the address of that interface.
> (otherwise the packets will come back through your primary network).
> if you have cheap dlink or linksys or whatever DSL routers or whatever with NAT
> on them then you can use that successfully and just use ipfw 'fwd' rules to
> select the interface to use.

I see, hmm are you suggesting that the linksys should be placed
between the freebsd firewall and the internet? Then do ipfw fwd
rules in freebsd to select which interface to go and linksys will
do all the NAT-ing for those packets respectively right?

Thank you.

Regards,
Rudy

--
+ http://foodblog.rudal.com
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: redirect traffic based on destination port to another interface
Rudy Setiawan wrote:
> On 8/2/07, Julian Elischer <[EMAIL PROTECTED]> wrote:
>> Rudy Setiawan wrote:
>>> Hi,
>>>
>>> I am trying to do a traffic redirection based on destination port to
>>> another interface/gateway.
>>> Currently, I have a freebsd box that does simple NAT and an Internet
>>> connection.
>>> I am planning to install another internet connection and use the same
>>> box to do some traffic redirection.
>>>
>>>
>>> INTERNET1     freebsd box --- INTERNET2
>>>                    |
>>>                    |
>>>            Local Area Network
>>>
>>> LAN = 192.168.10.0/24 with interface em0
>>> INTERNET1-GW = x.x.x.1 with em1
>>> INTERNET2-GW = y.y.y.1 with rl0
>>>
>>> My goal is to redirect any ssh traffic to INTERNET2-GW and I assume
>>> that if it can be redirected through INTERNET2-GW then the packets
>>> return will go through INTERNET2-GW also.
>>>
>> no, unless you first NAT the packets with the address of that interface.
>> (otherwise the packets will come back through your primary network).
>> if you have cheap dlink or linksys or whatever DSL routers or whatever with NAT
>> on them then you can use that successfully and just use ipfw 'fwd' rules to
>> select the interface to use.
>
> I see, hmm are you suggesting that the linksys should be placed
> between the freebsd firewall and the internet? Then do ipfw fwd
> rules in freebsd to select which interface to go and linksys will
> do all the NAT-ing for those packets respectively right?

exactly

> Thank you.
>
> Regards,
> Rudy
Re: redirect traffic based on destination port to another interface
can you run two instances of natd?

Thank you.

Regards,
Rudy

On 8/3/07, Julian Elischer <[EMAIL PROTECTED]> wrote:
> Rudy Setiawan wrote:
> > On 8/2/07, Julian Elischer <[EMAIL PROTECTED]> wrote:
> >> Rudy Setiawan wrote:
> >>> Hi,
> >>>
> >>> I am trying to do a traffic redirection based on destination port to
> >>> another interface/gateway.
> >>> Currently, I have a freebsd box that does simple NAT and an Internet
> >>> connection.
> >>> I am planning to install another internet connection and use the same
> >>> box to do some traffic redirection.
> >>>
> >>>
> >>> INTERNET1     freebsd box --- INTERNET2
> >>>                    |
> >>>                    |
> >>>            Local Area Network
> >>>
> >>> LAN = 192.168.10.0/24 with interface em0
> >>> INTERNET1-GW = x.x.x.1 with em1
> >>> INTERNET2-GW = y.y.y.1 with rl0
> >>>
> >>> My goal is to redirect any ssh traffic to INTERNET2-GW and I assume
> >>> that if it can be redirected through INTERNET2-GW then the packets
> >>> return will go through INTERNET2-GW also.
> >>>
> >> no, unless you first NAT the packets with the address of that interface.
> >> (otherwise the packets will come back through your primary network).
> >> if you have cheap dlink or linksys or whatever DSL routers or whatever with
> >> NAT on them then you can use that successfully and just use ipfw 'fwd' rules
> >> to select the interface to use.
> >
> > I see, hmm are you suggesting that the linksys should be placed
> > between the freebsd firewall and the internet? Then do ipfw fwd
> > rules in freebsd to select which interface to go and linksys will
> > do all the NAT-ing for those packets respectively right?
>
> exactly
>
> >
> > Thank you.
> >
> > Regards,
> > Rudy
>

--
+ http://foodblog.rudal.com
Re: bin/115172: [patch] ipfw(8) list show some rules with a wrong format
Synopsis: [patch] ipfw(8) list show some rules with a wrong format

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Fri Aug 3 22:40:33 UTC 2007
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=115172
Re: redirect traffic based on destination port to another interface
Rudy Setiawan wrote:
> can you run two instances of natd?

yes. you can even get natd to run two separate translation sets but I have never
done it. (phk added code to allow that some time ago I believe)

of course you don't need that if you have NAT devices on each link anyway.
($40 each..)

> Thank you.
>
> Regards,
> Rudy
>
> On 8/3/07, Julian Elischer <[EMAIL PROTECTED]> wrote:
>> Rudy Setiawan wrote:
>>> On 8/2/07, Julian Elischer <[EMAIL PROTECTED]> wrote:
>>>> Rudy Setiawan wrote:
>>>>> Hi,
>>>>>
>>>>> I am trying to do a traffic redirection based on destination port to
>>>>> another interface/gateway.
>>>>> Currently, I have a freebsd box that does simple NAT and an Internet
>>>>> connection.
>>>>> I am planning to install another internet connection and use the same
>>>>> box to do some traffic redirection.
>>>>>
>>>>>
>>>>> INTERNET1     freebsd box --- INTERNET2
>>>>>                    |
>>>>>                    |
>>>>>            Local Area Network
>>>>>
>>>>> LAN = 192.168.10.0/24 with interface em0
>>>>> INTERNET1-GW = x.x.x.1 with em1
>>>>> INTERNET2-GW = y.y.y.1 with rl0
>>>>>
>>>>> My goal is to redirect any ssh traffic to INTERNET2-GW and I assume
>>>>> that if it can be redirected through INTERNET2-GW then the packets
>>>>> return will go through INTERNET2-GW also.
>>>>>
>>>> no, unless you first NAT the packets with the address of that interface.
>>>> (otherwise the packets will come back through your primary network).
>>>> if you have cheap dlink or linksys or whatever DSL routers or whatever with NAT
>>>> on them then you can use that successfully and just use ipfw 'fwd' rules to
>>>> select the interface to use.
>>>
>>> I see, hmm are you suggesting that the linksys should be placed
>>> between the freebsd firewall and the internet? Then do ipfw fwd
>>> rules in freebsd to select which interface to go and linksys will
>>> do all the NAT-ing for those packets respectively right?
>>
>> exactly
>>
>>> Thank you.
>>>
>>> Regards,
>>> Rudy
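
[Added example, not part of the thread or written by its participants: a firewall script for the setup confirmed above, where a NAT router sits on the second link and ipfw 'fwd' only selects the next hop for outbound ssh. The next-hop address 10.0.2.1 and the rule number are constructed placeholders; 192.168.10.0/24 is the LAN from the thread.]

```sh
#!/bin/sh
# Added example, not from the thread: policy-route outbound SSH to the second
# uplink with ipfw 'fwd', leaving NAT to the router on that link.
# Constructed values: GW2 (LAN-side address of the NAT router reached via rl0)
# and the rule number. LAN_NET is the network given in the thread.

IPFW="${IPFW:-echo ipfw}"    # dry run by default; IPFW=/sbin/ipfw applies the rules

LAN_NET="192.168.10.0/24"    # em0, from the thread
GW2="10.0.2.1"               # constructed placeholder next hop on the rl0 segment
SSH_PORT=22

# fwd_rule NUM NEXTHOP PORT
# 'fwd' only changes the next hop; the packet headers are not rewritten, so
# the source address is still a LAN address when it reaches NEXTHOP. Replies
# return over the second link only because that router NATs the flow.
# 'not me' keeps SSH sessions to the firewall itself out of the redirect.
# The rule must sit before any rule that would match this traffic first.
fwd_rule() {
    num=$1; nexthop=$2; port=$3
    $IPFW -q add "$num" fwd "$nexthop" tcp from "$LAN_NET" to not me dst-port "$port"
}

# Rules for the case discussed in the thread: ssh leaves via the second link.
ssh_policy_rules() {
    fwd_rule 1000 "$GW2" "$SSH_PORT"
}

ssh_policy_rules
```

On FreeBSD releases of that period the 'fwd' action needs a kernel built with "options IPFIREWALL_FORWARD". The NAT router on the second link also needs a route back to 192.168.10.0/24 through the firewall, otherwise replies to the un-NATed LAN source addresses cannot be delivered.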