Hi :-)

I just discovered m0n0wall after a few years with smoothwall and ipcop. The quality of the code is such that I'm now studying FreeBSD and its firewall.

I'm trying to replace a hand-made Linux-based firewall (based on firehol) with a m0n0wall box. This is a 6 interface box with 2 WAN, 3 DMZ and 1 LAN which is providing PPTP connectivity for road warriors + ipsec vpn with another office.

The problem is the 2 WAN interfaces, as I need some traffic to go out via a cheap ADSL line, while other traffic must go out via a more expensive (metered usage) HDSL line. In theory, DMZA must go out from WAN (w/o nat whatever), while LAN based traffic should go out on the ADSL (OPTx) interface, after proper natting. I'm at a loss on how to configure the static routing for this to happen.

Also, I have another problem with natting. That is, the current NAT implementation works on Source/Destination couples. That is, I have to know the destination of each packet to nat it. On the contrary, I will need to NAT some traffic going out on a specific interface, regardless of the destination. Is this possible?

Thank you,
Dave.

PS: I'm working on a generic-pc hackers guide right now, as I don't have access to a 4511 and think a generic development platform will buy more developers than a custom hardware.... myself included :)