[ previous ] [ next ] [ threads ]
 From:  Andrew Lewis <andrew at coastal dot com>
 To:  "Dave C." <mono at comm dot it>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Source Based Routing
 Date:  Tue, 16 Mar 2004 16:37:00 -0500
Dave C. wrote:
> Hi :-)
> I just discovered m0n0wall after few years with smoothwall and ipcop. The
> quality of the code is such, that I'm now studying freebsd and its firewall.
> I'm trying to replace a hand-made linux based firewall (based on firehol)
> with a m0n0wall box. This is a 6 interface box with 2 WAN, 3 DMZ and 1 LAN
> which is providing PPTP connectivity for road warriors + ipsec vpn with
> another office.
> The problem is the 2 WAN interfaces as I need some traffic to go out via a
> cheap ADSL line, while other traffic must go out via a more expensive
> (metered usage) HDSL line.
> In theory, DMZA must go out from WAN (w/o nat whatever), while LAN based
> traffic should go out on the ADSL (OPTx) interface, after proper natting.

I have to admit I'm lurking here without a M0n0wall set up yet but I am 
doing this exact thing with freebsd.

take a look at ipfw.

ipfw -q add 101 fwd ip from to any out xmit em1

ipfw -q add 201 fwd ip from to any out xmit em2

em1 =
em2 =

and em0 has both and

It basically catches the packets on the out side of the interface and 
puts them back on the stack to go out another interface.

I'm paraphrasing and obfuscating real addresses but it's quite doable 
with ipfw.  Not so much with ipfilter.  I use IPFW for packet management 
and ipfilter for filtering.