List:       ipfilter
Subject:    Re: routing
From:       Attila Nagy <bra () fsn ! hu>
Date:       2002-01-31 12:17:31

Hello,

> I'm not clear on what you're trying to do.
I have two external interfaces:
tun0 (which is an ADSL PPPoE device) and fxp0 (which connects to a
router).
tun0 goes to ISP1 and fxp0 goes to ISP2. tun0 has an Internet routable IP
address and another address for its default gw (the other end of the PPP
connection).
fxp0 has an address of 10.0.0.2 in my example and has a default route of
10.0.0.1 which is a router with NAT functionality (but 10.0.0.2 could be
a routable address, this is indifferent).
In short, I have to do policy routing.
That is, I have to route packets matching a criterion via tun0 and other
packets through fxp0.
I also have to do NAT for packets coming in on fxp1. The NAT address
should be 1.2.3.4 in the case of tun0 and 10.0.0.2 in the case of fxp0 as
the outgoing interface.

I had to solve this problem at a company and I couldn't with BSD/IPF. So
my colleagues installed Linux/2.4 and used netfilter/iproute to do this.
This way they could mark packets which match a criterion (in this case tcp
port 80) and could use iproute to set up different route tables for
differently marked packets.

In IPF I guess this is what the route-to (or via?) option is for, but I
could not set up a working machine with that.

> What's out tun0? A box connected to the Internet with a default route
> that doesn't go through tun0?
Nope. tun0 is just a PPP interface with a default route.

--------------------------------------------------------------------------
Attila Nagy                                    e-mail:  Attila.Nagy@fsn.hu
Budapest Polytechnic (BMF.HU)                   @work: +361 210 1415 (194)
H-1084 Budapest, Tavaszmezo u. 15-17.           cell.: +3630 306 6758
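
The Linux netfilter/iproute2 approach mentioned in the message (mark packets, then route by mark), as an added example that is not part of the original post. The Linux interface names, the PPP peer address 1.2.3.5, the mark value, the table number, and the choice to send the marked port-80 traffic out the ADSL link are assumptions; 1.2.3.4, 10.0.0.1 and 10.0.0.2 come from the message.

```shell
#!/bin/sh
# Added example: mark-based policy routing with per-interface source NAT.
# Assumed (not in the message): interface names, ADSL_GW, MARK, TABLE,
# and that the marked traffic is the traffic that leaves via the ADSL link.
LAN_IF=eth1        # inside interface (fxp1 in the message)
ADSL_IF=ppp0       # PPPoE link to ISP1 (tun0 in the message)
ADSL_IP=1.2.3.4    # NAT address when leaving via the ADSL link
ADSL_GW=1.2.3.5    # assumed address of the far end of the PPP link
RTR_IF=eth0        # link to the NAT router / ISP2 (fxp0 in the message)
RTR_IP=10.0.0.2    # NAT address when leaving via the router link
RTR_GW=10.0.0.1    # default gateway on the router link
MARK=1             # assumed firewall mark value
TABLE=100          # assumed number of the alternate routing table

# Print the ruleset instead of applying it, so it can be reviewed first.
# To apply as root: policy_route_cmds | sh -e
policy_route_cmds() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j MARK --set-mark $MARK
ip route add default via $ADSL_GW dev $ADSL_IF table $TABLE
ip rule add fwmark $MARK table $TABLE
ip route replace default via $RTR_GW dev $RTR_IF
iptables -t nat -A POSTROUTING -o $ADSL_IF -j SNAT --to-source $ADSL_IP
iptables -t nat -A POSTROUTING -o $RTR_IF -j SNAT --to-source $RTR_IP
EOF
}
```

The mark is set in PREROUTING so it exists before the routing decision, and the source address is rewritten in POSTROUTING, after the outgoing interface is known. If strict reverse-path filtering is enabled on the ADSL interface, replies to the marked traffic can be dropped there, so check that setting when only one path works.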
