List Info

Thread: pf and policy routing
pf and policy routing
user name
 2006-06-22 15:53:47 
Hi,

I would like to have some advises on pf. I'd like to use pf
for 
clustering a firewall and using pfsync.
Actually I use a Linux Box to do this. The problem is that I
have 
specific rules for routing with iproute2 because I got a lot
of 
different subnets with multi-homing. It seems that freebsd
support 
policy routing only with ipfw.
My question is : is it possible to use ipfw just for policy
routing and 
pf just for packet filtering ?
For example I want to to do something like that :

I had a default gateway (a) but if I received a packet from
subnet(c) to 
subnet(d) --> use an another default gateway(y)
                                                            
     a 
packet from subnet(a) to subnet(x) -->  use an another
default gateway(y)


I wonder if route-to of pf is good for my exemple or if I
should try 
something else like ipfw for routing and pf for firewalling
as I said 
above. Actually I'm using freebsd 6.1 for some tests.

Thanx for your answers.


Sebastien AVELINE
      
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
pf and policy routing
user name
 2006-06-22 16:00:58 
Hi,

you can use PF's route-to options  for Policy routing..


On 6/22/06, Sébastien AVELINE <savelinealinto.net> wrote:
> Hi,
>
> I would like to have some advises on pf. I'd like to
use pf for
> clustering a firewall and using pfsync.
> Actually I use a Linux Box to do this. The problem is
that I have
> specific rules for routing with iproute2 because I got
a lot of
> different subnets with multi-homing. It seems that
freebsd support
> policy routing only with ipfw.
> My question is : is it possible to use ipfw just for
policy routing and
> pf just for packet filtering ?
> For example I want to to do something like that :
>
> I had a default gateway (a) but if I received a packet
from subnet(c) to
> subnet(d) --> use an another default gateway(y)
>                                                        
          a
> packet from subnet(a) to subnet(x) -->  use an
another default gateway(y)
>
>
> I wonder if route-to of pf is good for my exemple or if
I should try
> something else like ipfw for routing and pf for
firewalling as I said
> above. Actually I'm using freebsd 6.1 for some tests.
>
> Thanx for your answers.
>
>
> Sebastien AVELINE
>
> _______________________________________________
> freebsd-pffreebsd.org mailing list
> 
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
>


-- 
Huzeyfe ÖNAL
+90 505 5260064
---
Ag Guvenligi Listesine uye oldunuz mu?
http://www.huzeyfe
.net/netsec.html
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
pf and policy routing
user name
 2006-06-22 16:31:52 
   Thanks for your answer but what do you think of using
ipfw for routing
   policy and pf for firewalling, is it possible ?
   Huzeyfe Onal a écrit :

     Hi,
     you can use PF's route-to options  for Policy
routing..
     On 6/22/06, Sébastien AVELINE [1]<savelinealinto.net> wrote:

     Hi,
     I would like to have some advises on pf. I'd like to
use pf for
     clustering a firewall and using pfsync.
     Actually I use a Linux Box to do this. The problem is
that I have
     specific rules for routing with iproute2 because I got
a lot of
     different subnets with multi-homing. It seems that
freebsd support
     policy routing only with ipfw.
     My question is : is it possible to use ipfw just for
policy routing
     and
     pf just for packet filtering ?
     For example I want to to do something like that :
     I had a default gateway (a) but if I received a packet
from
     subnet(c) to
     subnet(d) --> use an another default gateway(y)
                                                            
          a
     packet from subnet(a) to subnet(x) -->  use an
another default
     gateway(y)
     I wonder if route-to of pf is good for my exemple or if
I should
     try
     something else like ipfw for routing and pf for
firewalling as I
     said
     above. Actually I'm using freebsd 6.1 for some tests.
     Thanx for your answers.
     Sebastien AVELINE
     _______________________________________________
     [2]freebsd-pffreebsd.org mailing list
     [3]
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
     To unsubscribe, send any mail to
     [4]"freebsd-pf-unsubscribefreebsd.org"

   --
   Sébastien AVELINE [5]savelinealinto.net
   Adjoint d'Exploitation
   15 quai Tilsitt - 69002 LYON
  
............................................................
..........
   .........
   >>> [6]www.alinto.net - The messaging reflex
<<<

References

   1. mailto:savelinealinto.net
   2. mailto:freebsd-pffreebsd.org
   3. 
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
   4. mailto:freebsd-pf-unsubscribefreebsd.org
   5. mailto:savelinealinto.net
   6. http://www.alinto.net/
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
pf and policy routing
user name
 2006-06-22 16:36:18 
On Thursday 22 June 2006 17:53, Sébastien AVELINE wrote:
> I would like to have some advises on pf. I'd like to
use pf for
> clustering a firewall and using pfsync.
> Actually I use a Linux Box to do this. The problem is
that I have
> specific rules for routing with iproute2 because I got
a lot of
> different subnets with multi-homing. It seems that
freebsd support
> policy routing only with ipfw.
> My question is : is it possible to use ipfw just for
policy routing and
> pf just for packet filtering ?
> For example I want to to do something like that :
>
> I had a default gateway (a) but if I received a packet
from subnet(c) to
> subnet(d) --> use an another default gateway(y)
>                                                        
          a
> packet from subnet(a) to subnet(x) -->  use an
another default gateway(y)
>
>
> I wonder if route-to of pf is good for my exemple or if
I should try
> something else like ipfw for routing and pf for
firewalling as I said
> above. Actually I'm using freebsd 6.1 for some tests.
>
> Thanx for your answers.

http://
openbsd.org/faq/pf/pools.html#outgoing

-- 
/"\  Best regards,                      | mlaierfreebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.l
ove2party.net/  | mlaierEFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail
and News
pf and policy routing
user name
 2006-06-22 17:18:24 
 
> 
> Thanks for your answer but what do you think of using
ipfw 
> for routing policy and pf for firewalling, is it
possible ?

With two active packet filters in the system, I would not
like to be the one
trying to debug problems. 

One can do policy based routing in PF using route-to.


Greg

_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
[1-5]

about | contact  Other archives ( Real Estate discussion Medical topics )