Re: NAT+RDR vs ROUTING problem
Very nice... but both connections can adhere to all requirements. The problem is
dynamic. Sometimes I sent in mail using MX1 via ext0 and sometimes using MX2 via
ext2. I must be able to dynamically reply back via the correct gateway. Setting
fixed routing criteria - no matter how many options - is not good enough in this
case :-((
Dries Schellekens wrote:
> On Mon, 10 Jun 2002, Ramin Alidousti wrote:
>
> > On Mon, Jun 10, 2002 at 02:27:53PM +0200, Andreas Forsgren wrote:
> >
> > > Odd,
> > >
> > > I have the exact same problem here. Somehow I got it to work for a day or
> > > two, but then it suddenly stopped. The problem is that incoming packages
> > > arrive on tl0, then get sent out on xl0 instead.
> > >
> > > Jun 10 13:20:19.413185 rule 119/0(match): pass in on tl0: x.x.x.x >
> > > y.y.y.y: icmp: echo request (DF)
> > >
> > > Jun 10 13:20:19.413274 rule 125/0(match): pass out on xl0: y.y.y.y >
> > > x.x.x.x: icmp: echo reply (DF)
> > >
> > > And no, I'd rather not go with Linux... please :)
> >
> > OK, I admit that I don't know much about policy routing with bsd.
> > If bsd has this concept _and_ can hold multiple routing tables _and_
> > multiple default routes, accordingly _and_ can make routing decisions
> > not only based on the dst address but based on other criteria, then
> > you don't need to go with linux ;-)
>
> You can make routing decisions based on src address and port, destination
> address and port, protocol, user and group id with PF.
> The magic of route-to and dup-to.
>
> Dries
> --
> Dries Schellekens
> email: gwyllion@ulyssis.org