Hi tech-net,
I got access to the code rmind@ started on NPF routing on interface, and I have completed it and want to commit it on Monday.
Attached is a diff of the work for review.
Simple use case:
Say you want to route Google traffic through bge0 and the rest on bge1.
in /etc/npf.conf,
# selectively NAT packets going to Google from your internal network
# ($bge0_IP / $bge1_IP stand for the addresses of bge0 and bge1)
map $external_interface static $local_subnet -> $bge0_IP \
    pass to $google_IP
# rest of the packets
map $external_interface static $local_subnet -> $bge1_IP

procedure "google-route" {
    route: bge0
}

group "internal" on $internal_interface {
    # inbound packets from your home network that you want to route
    pass in final from $local_subnet to any
}

group "external" on $external_interface {
    # Google traffic goes through bge0 after NAT
    pass out final from $local_subnet to $google_IP apply "google-route"
    # everything else follows normal routing
    pass out final from $local_subnet to any
}
We are fine having a ruleset like this because an inbound packet which is not for us will
go through ip_forward and ip_output, being filtered again. Applying
a route procedure on an outbound rule for the packet being forwarded works.
Checks done (mostly copied from ip_output) after filtering:
1. Source address validity
2. Checksum
3. Fragmentation
Attachment:
npf_route
Emmanuel
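To show what the posted ruleset decides for a few packets, here is an added Python model (not part of the patch or of NPF itself) of the first-match "final" rule, static NAT selection and route-procedure semantics described in the mail; the subnet, the Google address and the bge0/bge1 addresses are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for the variables in the posted npf.conf (all assumed values).
LOCAL_SUBNET = ipaddress.ip_network("192.168.1.0/24")
GOOGLE_IP = ipaddress.ip_address("198.51.100.200")   # placeholder for $google_IP
BGE0_IP, BGE1_IP = "203.0.113.10", "203.0.113.20"      # addresses of bge0 / bge1

# Posted rules, in order. A filter of None means "any"; the first match wins ("final").
MAP_RULES = [(GOOGLE_IP, BGE0_IP), (None, BGE1_IP)]       # map ... static ... -> ip
OUT_RULES = [(GOOGLE_IP, "google-route"), (None, None)]   # pass out final ... [apply proc]
PROCEDURES = {"google-route": {"route": "bge0"}}          # procedure "google-route" { route: bge0 }

@dataclass
class Packet:
    src: str
    dst: str
    out_if: str = "bge1"            # what the routing table would choose for this packet
    nat_src: Optional[str] = None   # source address after static NAT

def forward(pkt: Packet) -> Optional[Packet]:
    """Walk a packet arriving on the internal interface through the posted ruleset:
    inbound pass, ip_forward, static NAT, then the outbound rule that may apply a route."""
    if ipaddress.ip_address(pkt.src) not in LOCAL_SUBNET:
        return None  # 'pass in final from $local_subnet' does not match; not covered here
    dst = ipaddress.ip_address(pkt.dst)
    for flt, translated in MAP_RULES:  # first map whose filter matches rewrites the source
        if flt is None or flt == dst:
            pkt.nat_src = translated
            break
    for flt, proc in OUT_RULES:        # first final outbound rule decides the packet
        if flt is None or flt == dst:
            if proc is not None:       # the route procedure overrides the routing-table choice
                pkt.out_if = PROCEDURES[proc]["route"]
            return pkt
    return None

if __name__ == "__main__":
    for dst in (str(GOOGLE_IP), "192.0.2.1"):
        print(forward(Packet("192.168.1.25", dst)))
```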