 From: gridrun
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject: Policy / Source Based Routing w/ multiple WAN interfaces
 Date: Wed, 15 Dec 2004 05:44:47 +0100
Hello there!

I recently migrated my network from a shell script based linux firewall 
to m0n0wall - and I am very pleased with it!

I am using a 600/500 DSL connection (Swisscom BBCS) with a class C 
network assigned, and I'm using m0n0wall to do firewalling, traffic 
shaping and routing (as I made several subnets out of my class C). The 
m0n0wall is the 1.2b2 cdrom image running on a diskless HP NetServer E60 
with 128MB RAM and a Pentium III 600MHz chip (such a shame they don't 
make those NetServer boxen anymore, heh!) with seven interfaces in total.

Now, my roomie got a 3mbps cablecom connection with dynamic IPs (he's 
also got a linksys cable router that deals with the dynamic IPs, and 
NATs them to our static LAN IP range), and it would be very nice if we 
could set m0n0 up to do policy based routing. Under Linux 2.2, this 
would be done with the iproute2 tool (it presumably can also be done 
with netfilter's ROUTE target under 2.4, but I never tried that myself). 
So we could set up policies to route, say, all our web traffic from our 
network(s) via the cable, for speed reasons (think of all the windows 
updates that must be downloaded all the time...) while routing all IRC 
traffic via the static IPs on DSL (just for example). It would be quite 
a powerful tool, I think.

Right now my roomie's boxen on our LAN have his linksys router assigned 
as default gateway, while my LAN boxen have m0n0wall's LAN IP as default 
gateway. We also added a static route on roomie's linksys for my class C 
network, so it will route straight to the m0n0wall if he wants to access 
my DMZ servers, instead of looping via cablecom to TIX (major internet 
exchange in Zurich, Switzerland) and then back via DSL to our place. 
Whenever I need to leech something large from the web, I switch my 
default gateway, and roomie uses a bnc on one of the DMZ servers to get 
via static IP (and a nice vhost) on IRC.

On fBSD (I did some STFW) policy based routing is possible by using 
ipfw, it seems, but I am pretty new to the *BSD world. Made a living 
from writing VB6 programs for Windows, until recently...

Has anyone ever run into a similar situation/desire/need? Does someone 
maybe even work on such functionality for m0n0wall? Could anybody 
provide pointers / hints / knowledge / help?

Maybe I could give it a try and hack an extension for m0n0wall.
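The routing policy described above (web via the cable router, IRC via the DSL/m0n0wall, and a static route so traffic for the DSL class C stays on the LAN instead of looping out through the exchange) modelled as a small decision engine. This is an added example, not m0n0wall, ipfw or iproute2 code; all addresses, gateway names and port sets are constructed placeholders.

```python
"""Toy policy-based routing lookup (added example, not m0n0wall code).

Policy rules are checked in priority order before the destination table,
the way `ip rule` entries precede the main table under iproute2. Directly
routed prefixes are honoured first so a policy gateway never captures
traffic for a connected or statically routed network (the "loop via the
exchange" problem from the post). Addresses: RFC 5737 / RFC 1918 samples.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int
    src: ipaddress.IPv4Network
    proto: str            # "tcp", "udp" or "any"
    dports: frozenset     # empty = any destination port
    gateway: str


# Destination-based table; longest matching prefix wins (constructed values).
ROUTES = {
    ipaddress.ip_network("0.0.0.0/0"): "DSL",          # default via m0n0wall
    ipaddress.ip_network("203.0.113.0/24"): "DIRECT",  # the static class C (DMZ)
    ipaddress.ip_network("192.168.1.0/24"): "DIRECT",  # shared LAN
}

# Policy: web from the LAN via cable, IRC via the static DSL address.
POLICY = [
    Rule(10, ipaddress.ip_network("192.168.1.0/24"), "tcp", frozenset({80, 443}), "CABLE"),
    Rule(20, ipaddress.ip_network("192.168.1.0/24"), "tcp", frozenset({6667, 6697}), "DSL"),
]


def route_by_table(dst: str) -> str:
    """Plain destination routing: most specific prefix in ROUTES."""
    d = ipaddress.ip_address(dst)
    best = max((n for n in ROUTES if d in n), key=lambda n: n.prefixlen)
    return ROUTES[best]


def next_hop(src: str, dst: str, proto: str, dport: int) -> str:
    """Gateway for one flow: direct routes, then policy rules, then the table."""
    if route_by_table(dst) == "DIRECT":
        return "DIRECT"  # keep LAN/DMZ traffic local regardless of policy
    s = ipaddress.ip_address(src)
    for rule in sorted(POLICY, key=lambda r: r.priority):
        if s in rule.src and rule.proto in (proto, "any") and (not rule.dports or dport in rule.dports):
            return rule.gateway
    return route_by_table(dst)
```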