On Wednesday 31 December 2003 14:00, Paul Schenkeveld wrote:
> On Wed, Dec 31, 2003 at 03:48:11AM -0800, afshin wrote:
> > You know I use ipf with, for example, pass xl1:1.2.3.4
> > from 1.2.3.5/24 to any
> > BUT, the problem is that when I use this, the 1.2.3.5
> > cannot access the local IPs.
> > Without looking at the routing tables of the router, it
> > QUICKLY passes it to the NEW gateway.
>
> FWIW, I usually do all filtering using ipf but at one site I'm
> administering I had to do source routing so I implemented the routing
> part with ipfw and the (stateful) filtering with ipf.  This works great
> there.  If needed, I can dig up some config next week and post it here.
>
> Regards,
>
> Paul Schenkeveld, Consultant
> PSconsult ICT Services BV

ports/security/pf might (once again) be worth a look. See site in my .sig ;)

It has the filtering capabilities of ipf (superior filtering capabilities by 
now) and very flexible and fast routing options. In combination with ALTQ 
(which is yet to be ported to FreeBSD 5.2) it gives you complete QoS routing. 
And with its superior state tracking code which can be combined with the 
routing rules you can even do round-robin or source-hash load balancing over 
multiple uplinks.

BEWARE: port version < 2.01 has a bug in the route-to code (update is pending).
Try the tarball install of version 2.01 from http://pf4freebsd.love2party.net/

-- 
Best regards,                           | [EMAIL PROTECTED]
Max Laier                               | ICQ #67774661
http://pf4freebsd.love2party.net/       | [EMAIL PROTECTED] #DragonFlyBSD
