[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NAT+RDR vs ROUTING problem
On Mon, 10 Jun 2002, Ramin Alidousti wrote:
> On Mon, Jun 10, 2002 at 02:27:53PM +0200, Andreas Forsgren wrote:
> > Odd,
> > I have the exact same problem here. Somehow I got it to work for a day or
> > two, but then it suddenly stopped. The problem is that incoming packages
> > arrives on tl0, then gets sent out on xl0 instead.
> > Jun 10 13:20:19.413185 rule 119/0(match): pass in on tl0: x.x.x.x >
> > y.y.y.y: icmp: echo request (DF)
> > Jun 10 13:20:19.413274 rule 125/0(match): pass out on xl0: y.y.y.y >
> > x.x.x.x: icmp: echo reply (DF)
> > And no, I'd rather not go with Linux... please :)
> OK, I admit that I don't know much about policy routing with bsd.
> If bsd has this concept _and_ can hold multiple routing tables _and_
> multiple default routes, accordingly _and_ can make routing decisions
> not only based on the dst address but based on other criteria, then
> you don't need to go with linux ;-)
You can make routing decisions based on src address and port, destination
address and port, protocol, user and group id with PF.
The magic of route-to and dup-to.