List:       freebsd-net
Subject:    Re: Source Routing
From:       Max Laier <max () love2party ! net>
Date:       2003-12-31 13:31:16
Message-ID: 200312311431.16869.max () love2party ! net

On Wednesday 31 December 2003 14:00, Paul Schenkeveld wrote:
> On Wed, Dec 31, 2003 at 03:48:11AM -0800, afshin wrote:
> > You know I Use ipf with for example pass xl1:1.2.3.4
> > from 1.2.3.5/24 to any
> > BUT, The Problem is that when I use this, the 1.2.3.5
> > cannot access the local IPs,
> > Without looking at routing tables of the router it
> > QUICKLY passes it to the NEW gateway.
>
> FWIW, I usually do all filtering using ipf but at one site I'm
> administering I had to do source routing so I implemented the routing
> part with ipfw and the (stateful) filtering with ipf.  This works great
> there.  If needed, I can dig up some config next week and post it here.
>
> Regards,
>
> Paul Schenkeveld, Consultant
> PSconsult ICT Services BV

ports/security/pf might (once again) be worth a look. See site in my .sig ;)

It has the filtering capabilities of ipf (superior filtering capabilities by 
now) and very flexible and fast routing options. In combination with ALTQ 
(which is yet to be ported to FreeBSD 5.2) it gives you complete QoS routing. 
And with its superior state tracking code which can be combined with the 
routing rules you can even do round-robin or source-hash load balancing over 
multiple uplinks.

BEWARE: port version < 2.01 has a bug in the route-to code (update is pending) 
Try tarball install of version 2.01 from http://pf4freebsd.love2party.net/

-- 
Best regards,				| max@love2party.net
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier@EFnet #DragonFlyBSD

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"