[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf and policy routing



   Thanks for your answer but what do you think of using ipfw for routing
   policy and pf for firewalling, is it possible ?
   Huzeyfe Onal a écrit :

     Hi,
     you can use PF's route-to options  for Policy routing..
     On 6/22/06, Sébastien AVELINE [1]<saveline_(_at_)_alinto_(_dot_)_net> wrote:

     Hi,
     I would like to have some advises on pf. I'd like to use pf for
     clustering a firewall and using pfsync.
     Actually I use a Linux Box to do this. The problem is that I have
     specific rules for routing with iproute2 because I got a lot of
     different subnets with multi-homing. It seems that freebsd support
     policy routing only with ipfw.
     My question is : is it possible to use ipfw just for policy routing
     and
     pf just for packet filtering ?
     For example I want to to do something like that :
     I had a default gateway (a) but if I received a packet from
     subnet(c) to
     subnet(d) --> use an another default gateway(y)
                                                                       a
     packet from subnet(a) to subnet(x) -->  use an another default
     gateway(y)
     I wonder if route-to of pf is good for my exemple or if I should
     try
     something else like ipfw for routing and pf for firewalling as I
     said
     above. Actually I'm using freebsd 6.1 for some tests.
     Thanx for your answers.
     Sebastien AVELINE
     _______________________________________________
     [2]freebsd-pf_(_at_)_freebsd_(_dot_)_org mailing list
     [3]http://lists.freebsd.org/mailman/listinfo/freebsd-pf
     To unsubscribe, send any mail to
     [4]"freebsd-pf-unsubscribe_(_at_)_freebsd_(_dot_)_org"

   --
   Sébastien AVELINE [5]saveline_(_at_)_alinto_(_dot_)_net
   Adjoint d'Exploitation
   15 quai Tilsitt - 69002 LYON
   ......................................................................
   .........
   >>> [6]www.alinto.net - The messaging reflex <<<

References

   1. mailto:saveline_(_at_)_alinto_(_dot_)_net
   2. mailto:freebsd-pf_(_at_)_freebsd_(_dot_)_org
   3. http://lists.freebsd.org/mailman/listinfo/freebsd-pf
   4. mailto:freebsd-pf-unsubscribe_(_at_)_freebsd_(_dot_)_org
   5. mailto:saveline_(_at_)_alinto_(_dot_)_net
   6. http://www.alinto.net/
_______________________________________________
freebsd-pf_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe_(_at_)_freebsd_(_dot_)_org"


Visit your host, monkey.org