
Re: NAT+RDR vs ROUTING problem



On Mon, Jun 10, 2002 at 03:56:25PM +0200, Dries Schellekens wrote:

> On Mon, 10 Jun 2002, Ramin Alidousti wrote:
> 
> > > You can make routing decisions based on src address and port, destination
> > > address and port, protocol, user and group id with PF.
> 
> Sorry, based on user and group id is not possible.

Don't worry :-) It's not a biggy. Although just FYI, Linux does this,
even based on the "name" of the local process which generated the
traffic.

Ramin

> > > The magic of route-to and dup-to.
> >
> > Cool. So, this is Koen's solution. Here is what you could do off the
> > bat (although there are more elegant solutions):
> >
> > You set up two private IP's on your internal MX server, one which
> > gets mapped by one external IP and the other for the mapping of
> > the other external IP. Then when the replies go out you make the
> > routing decision based on the src through the right interface.
> > A breeze...
> 
> I just suggested the same to Koen in a private email :-)
> 
> BTW this is only possible with -current, since this weekend.
> The thread "PF and route-to" discusses the problem with route-to + NAT in 3.1:
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=102340725225889&w=2
> 
> 
> Dries
> -- 
> Dries Schellekens
> email: gwyllion@ulyssis.org
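The two-private-address setup described in the quoted text, written out as an added pf.conf example (not from the thread or from any of its authors). Interface names, addresses and the gateway are constructed; the route-to syntax is the parenthesised form of later pf releases, and, per the thread, route-to combined with translation only behaves this way on -current after June 2002, not on 3.1.

```pf
# Two uplinks, one LAN, one MX host carrying two private addresses.
# All names and addresses below are constructed for this example.
ext_if1 = "fxp0"           # uplink to ISP A, carries the default route
ext_if2 = "fxp1"           # uplink to ISP B
int_if  = "fxp2"           # LAN
ext_ip1 = "203.0.113.25"   # public MX address published through ISP A
ext_ip2 = "198.51.100.25"  # public MX address published through ISP B
gw2     = "198.51.100.1"   # ISP B next hop
mx_int1 = "192.168.1.25"   # MX private address behind ext_ip1
mx_int2 = "192.168.1.26"   # MX private address behind ext_ip2

# One bidirectional mapping per public address, each bound to its own uplink.
binat on $ext_if1 from $mx_int1 to any -> $ext_ip1
binat on $ext_if2 from $mx_int2 to any -> $ext_ip2

# Replies sourced from the second private address must not follow the
# default route: steer them to ISP B as they enter from the LAN, deciding
# on source address alone.
pass in on $int_if route-to ($ext_if2 $gw2) from $mx_int2 to any keep state

# Replies from the first private address simply take the default route.
pass in on $int_if from $mx_int1 to any keep state

# After translation the outgoing packets carry the public addresses.
pass out on $ext_if1 from $ext_ip1 to any keep state
pass out on $ext_if2 from $ext_ip2 to any keep state

# Inbound SMTP: translation runs before filtering, so the filter already
# sees the private destination matching the uplink the mail arrived on.
pass in on $ext_if1 proto tcp from any to $mx_int1 port 25 keep state
pass in on $ext_if2 proto tcp from any to $mx_int2 port 25 keep state
```

Check the result with `pfctl -s state` after a test connection to each public address: a session that arrived on $ext_if2 must show its reply state on $ext_if2, not on the default-route interface.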