
Re: NAT+RDR vs ROUTING problem



On Mon, 10 Jun 2002, Ramin Alidousti wrote:

> On Mon, Jun 10, 2002 at 02:27:53PM +0200, Andreas Forsgren wrote:
>
> > Odd,
> >
> > I have the exact same problem here. Somehow I got it to work for a day or
> > two, but then it suddenly stopped. The problem is that incoming packages
> > arrive on tl0, then get sent out on xl0 instead.
> >
> > Jun 10 13:20:19.413185 rule 119/0(match): pass in on tl0: x.x.x.x >
> > 	y.y.y.y: icmp: echo request (DF)
> >
> > Jun 10 13:20:19.413274 rule 125/0(match): pass out on xl0: y.y.y.y >
> > 	x.x.x.x: icmp: echo reply (DF)
> >
> > And no, I'd rather not go with Linux... please :)
>
> OK, I admit that I don't know much about policy routing with bsd.
> If bsd has this concept _and_ can hold multiple routing tables _and_
> multiple default routes, accordingly _and_ can make routing decisions
> not only based on the dst address but based on other criteria, then
> you don't need to go with linux ;-)

You can make routing decisions based on src address and port, destination
address and port, protocol, user and group id with PF.
The magic of route-to and dup-to.


Dries
-- 
Dries Schellekens
email: gwyllion@ulyssis.org
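
An added example, not part of the original message: a pf.conf fragment showing how route-to can keep the reply from the log above on tl0, and how dup-to can copy selected traffic to a second host. Interface names tl0 and xl0 come from the thread; the addresses, the gateway, and the monitoring interface are constructed placeholders. The parenthesised (interface gateway) form is the one used by FreeBSD and older OpenBSD releases; recent OpenBSD takes only the next-hop address.

```pf
# --- Constructed placeholders (documentation address ranges) ---
alt_if   = "tl0"            # second uplink, from the thread
def_if   = "xl0"            # interface the default route points out of
alt_addr = "192.0.2.10"     # assumed address on tl0 (y.y.y.y in the log)
alt_gw   = "192.0.2.1"      # assumed next hop reachable through tl0
mon_if   = "fxp0"           # hypothetical interface facing a monitoring host
mon_ip   = "198.51.100.5"   # hypothetical monitoring host

# Let the request in on tl0, as rule 119 in the log does.
pass in on $alt_if inet proto icmp from any to $alt_addr \
    icmp-type echoreq keep state

# The routing table selects xl0 for the reply because the default route
# lives there (rule 125 in the log). Match on the source address and
# override the forwarding decision so the packet leaves via tl0's gateway.
pass out on $def_if route-to ($alt_if $alt_gw) inet \
    from $alt_addr to any keep state

# dup-to forwards the original packet normally and sends a copy to the
# given next hop. Here the match is on protocol and destination port.
pass in on $alt_if dup-to ($mon_if $mon_ip) inet proto tcp \
    from any to $alt_addr port 22 keep state
```

Check the result with `pfctl -nf /etc/pf.conf` (parse only) before loading, then confirm with tcpdump on tl0 and xl0 that the echo reply now leaves on the interface it arrived on.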