[Xorp-hackers] Query on Policy-Based Routing

Andrea Bittau a.bittau@cs.ucl.ac.uk
Fri, 12 Aug 2005 10:28:02 +0100


On Fri, Aug 12, 2005 at 10:38:53AM +0200, Kristian Larsson wrote:
> On FreeBSD most of this can be done with IPFilter.
> OpenBSD has it mostly implemented through pf. pf

fbsd 5 has pf.

> prefixes and their originating AS to pf which then
> can filter based on AS. If XORP could do this it
> would kick ass :)

What's the story with divert and forward?  Can they help?


On Linux I used to use firewall marks, and then iproute2 to do weird routing
based on firewall marks. E.g. mark packets on a specific TCP port, then use a
different routing table for them.

On fbsd I can do it with ipfw by diverting packets to userland, then playing
with natd for example to change IPs, or just write something to mangle packets,
then you can route them to a different nexthop / interface with the forward
command in ipfw.

I'm not sure if this is what you are asking...
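
Added example (not part of the original message): the Linux approach mentioned above, marking packets on a TCP port and sending marked packets through a separate routing table, written as a POSIX shell function that prints the iptables/iproute2 commands for review. The function name `pbr_plan` and the port, mark, table number, next hop and interface are constructed placeholders.

```shell
#!/bin/sh
# Added example: mark packets by TCP port, then route marked packets
# through their own routing table. All concrete values are constructed.

# Print the commands instead of running them, so they can be reviewed first.
# usage: pbr_plan PORT MARK TABLE NEXTHOP DEV
pbr_plan() {
    port=$1 mark=$2 table=$3 nexthop=$4 dev=$5

    # Numeric arguments must be plain digits; this also keeps shell
    # metacharacters out of the generated command lines.
    for v in "$port" "$mark" "$table"; do
        case $v in
            ''|*[!0-9]*) echo "pbr_plan: '$v' is not a number" >&2; return 1 ;;
        esac
    done
    case $nexthop in
        ''|*[!0-9A-Fa-f.:]*) echo "pbr_plan: bad next hop" >&2; return 1 ;;
    esac
    case $dev in
        ''|*[!A-Za-z0-9._-]*) echo "pbr_plan: bad interface" >&2; return 1 ;;
    esac

    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "pbr_plan: port out of range" >&2; return 1
    fi
    # 0 is the value unmarked packets carry, so it cannot select anything.
    if [ "$mark" -lt 1 ]; then
        echo "pbr_plan: mark must be non-zero" >&2; return 1
    fi
    # Tables 253-255 are the built-in default/main/local tables.
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "pbr_plan: table must be 1-252" >&2; return 1
    fi

    # 1. mangle/PREROUTING marks forwarded and inbound packets before the
    #    routing decision (locally generated traffic would need OUTPUT).
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $port -j MARK --set-mark $mark"
    # 2. A policy rule sends marked packets to the alternate table.
    echo "ip rule add fwmark $mark table $table"
    # 3. The alternate table holds the different next hop / interface.
    echo "ip route add default via $nexthop dev $dev table $table"
}

# Constructed sample: TCP port 8080 leaves via 192.0.2.1 on eth1.
pbr_plan 8080 1 100 192.0.2.1 eth1
```

The printed commands need root to apply; `ip rule show` and `ip route show table 100` confirm the result afterwards.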