Re: NAT+RDR vs ROUTING problem
On Mon, Jun 10, 2002 at 03:56:25PM +0200, Dries Schellekens wrote:
> On Mon, 10 Jun 2002, Ramin Alidousti wrote:
> > > You can make routing decisions based on src address and port, destination
> > > address and port, protocol, user and group id with PF.
> Sorry, based on user and group id is not possible.
Don't worry :-) It's not a biggy. Although just FYI, Linux does this,
even based on the "name" of the local process which generated the
> > > The magic of route-to and dup-to.
> > Cool. So, this is Koen's solution. Here is what you could do off the
> > bat (although there are more elegant solutions):
> > You set up two private IPs on your internal MX server, one which
> > gets mapped by one external IP and the other for the mapping of
> > the other external IP. Then when the replies go out you make the
> > routing decision based on the src through the right interface.
> > A breeze...
> I just suggested the same to Koen in a private email :-)
> BTW this is only possible with -current, since this weekend.
> The thread "PF and route-to" discusses the problem with route-to + NAT in 3.1:
> Dries Schellekens
> email: firstname.lastname@example.org