Policy-based routing with ipf

To: tech-net%netbsd.org@localhost
Subject: Policy-based routing with ipf
From: Stephen Borrill <netbsd%precedence.co.uk@localhost>
Date: Thu, 4 Jul 2024 17:22:54 +0100 (BST)

I need to implement policy-based routing with ipf and I'm struggling toparse ipf.conf(5). I have a NetBSD host directly connected to two LANs(with forwarding enabled). I also have another box directly connected tosame LANs with forwarding enabled which, for tedious reasons (to do withtransparent web filtering), is set as the default gateway on the clients.


  10.3.0.1 <-> NetBSD <-> 192.168.102.1
10.3.0.254 <-> filter <-> 192.168.102.254

A client on the 192.168.102.x range can connect to things on 10.3.0.xrange in general. However, it cannot connect to the NetBSD box as thepacket is coming in on the wrong interface and the routing table sends itback on the direct interface (i.e. 192.168.102.10 reaches 10.3.0.1 via10.3.0.254, but the NetBSD box replies from 192.168.102.1).

The NetBSD box is doing DHCP on both interfaces. dhcpd does not seem tosupport specifying additional static routes.

My plan is to use policy-based routing to direct matched traffic back to192.168.102.x via 10.3.0.254 (e.g. http or smb). I cannot work out how toachieve this from the man page though.


Any hints?

--
Stephen

Follow-Ups:
- Re: Policy-based routing with ipf
  - From: Michael van Elst

Prev by Date: Re: Connection closed when npf restarting with rules in non-default group
Next by Date: Re: Policy-based routing with ipf
Previous by Thread: Connection closed when npf restarting with rules in non-default group
Next by Thread: Re: Policy-based routing with ipf
Indexes:

Home | Main Index | Thread Index | Old Index