Dave C. wrote:
> Hi :-)
> I just discovered m0n0wall after a few years with smoothwall and ipcop. The
> quality of the code is such that I'm now studying FreeBSD and its firewall.
> I'm trying to replace a hand-made linux based firewall (based on firehol)
> with a m0n0wall box. This is a 6 interface box with 2 WAN, 3 DMZ and 1 LAN
> which is providing PPTP connectivity for road warriors + ipsec vpn with
> another office.
> The problem is the 2 WAN interfaces as I need some traffic to go out via a
> cheap ADSL line, while other traffic must go out via a more expensive
> (metered usage) HDSL line.
> In theory, DMZA must go out from WAN (without NAT whatsoever), while LAN-based
> traffic should go out on the ADSL (OPTx) interface, after proper NATing.
I have to admit I'm lurking here without an m0n0wall set up yet, but I am
doing this exact thing with FreeBSD.
Take a look at ipfw.
# 192.168.8.0/24 would normally leave via em1; rewrite its next hop to the em2 gateway
ipfw -q add 101 fwd 192.168.7.1 ip from 192.168.8.0/24 to any out xmit em1
# 192.168.4.0/24 would normally leave via em2; rewrite its next hop to the em1 gateway
ipfw -q add 201 fwd 192.168.3.1 ip from 192.168.4.0/24 to any out xmit em2
# interfaces:
em1 = 192.168.3.2/255.255.255.252   (gateway 192.168.3.1)
em2 = 192.168.7.2/255.255.255.252   (gateway 192.168.7.1)
and em0 has both 192.168.4.0 and 192.168.8.0.
It basically catches the packets on the out side of the interface and
puts them back on the stack to go out another interface.
I'm paraphrasing and obfuscating real addresses, but it's quite doable
with ipfw. Not so much with ipfilter. I use ipfw for packet management
and ipfilter for filtering.
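The same two-uplink layout as an added, stand-alone rc-style script, not code from either poster: it steers one inside network to the second uplink with ipfw's fwd action while the routing table's default route points at the first, keeps the policy rules in their own ipfw set so they can be replaced without flushing the rest of the ruleset, and can be dry-run on any host with IPFW=echo. Interface names, addresses, set number and rule numbers are assumptions; NAT for the cheap line (ipnat or ipfw nat) and the actual filtering are deliberately left out.

```shell
#!/bin/sh
# Added example (not from the list thread): ipfw policy routing for a
# FreeBSD box with two uplinks. fwd changes only the next hop of a matching
# packet; the kernel then re-routes it out the interface that reaches that
# next hop. On older FreeBSD releases fwd only works in a kernel built with
# "options IPFIREWALL_FORWARD".
set -e

: "${IPFW:=ipfw}"      # set IPFW=echo to print the commands instead of running them

# Assumed topology (constructed for this example, mirrors the thread):
#   em0  inside, carries 192.168.4.0/24 and 192.168.8.0/24
#   em1  uplink A, 192.168.3.2/30, gateway 192.168.3.1  (holds the default route)
#   em2  uplink B, 192.168.7.2/30, gateway 192.168.7.1  (cheap line)
UPLINK_A_IF=em1; UPLINK_A_GW=192.168.3.1
UPLINK_B_IF=em2; UPLINK_B_GW=192.168.7.1
NET_VIA_A=192.168.4.0/24   # DMZ-style network, must leave via uplink A
NET_VIA_B=192.168.8.0/24   # LAN-style network, must leave via uplink B

PBR_SET=3   # ipfw rule set reserved for policy routing (assumed unused elsewhere)

install_policy_routing() {
    # Replace only our own set. A plain "ipfw flush" would drop every rule,
    # including the filtering rules, and leave the box open for a moment.
    $IPFW -q delete set $PBR_SET 2>/dev/null || true

    # Packets from NET_VIA_B that the routing table is about to transmit on
    # uplink A ("out xmit em1") get their next hop rewritten to uplink B's
    # gateway, so they are re-routed out em2. The destination address is
    # untouched; replies come back on em2 and are routed normally.
    $IPFW -q add 101 set $PBR_SET fwd $UPLINK_B_GW ip \
        from $NET_VIA_B to any out xmit $UPLINK_A_IF

    # The mirror rule keeps NET_VIA_A on uplink A even if a failover script
    # later moves the default route to uplink B.
    $IPFW -q add 201 set $PBR_SET fwd $UPLINK_A_GW ip \
        from $NET_VIA_A to any out xmit $UPLINK_B_IF

    # Traffic between the two inside networks leaves via em0, so it never
    # matches "out xmit em1/em2" and is not steered anywhere.
}

show_policy_routing() {
    # Verify what is actually loaded; ipfw list accepts rule numbers.
    $IPFW list 101 201
}

# Only touch a real ruleset on FreeBSD; elsewhere the functions are just defined.
if [ "$(uname -s)" = FreeBSD ] && [ "$IPFW" = ipfw ]; then
    install_policy_routing
    show_policy_routing
fi
```

Note that fwd does not restrict anything by itself: a packet from the DMZ network that is allowed out at all will still take uplink A, and whether the LAN may reach the DMZ, or the internet at all, is decided by the filtering rules (ipfilter in the poster's setup), not by these two lines. Run the script with IPFW=echo first to review the exact commands, then `ipfw list 101 201` on the box to confirm the set loaded.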