As of this moment, BSD lacks multiple routing tables -- they're supposed to be in 8. To be honest, even if it was there, I'd still prefer tc & iptables over pf. There's way more flexibility in queueing and there's code that makes it trivial to do whimsical things with your net. With a couple of iptables rules, I could classify sessions with FTP packets with the word "blah" in them into a queue which provides the absolute fastest possible service.
Not to mention that Linux also has a number of different queueing disciplines which are trivial to drop in, so you can go all levels of crazy if you really want to.
The syntax for tc can be crazy-making. For example:
# ip route add default via $gw0 dev $if0 realm 1
# ip route add default via $gw1 dev $if1 realm 2
# tc filter add dev $if0 parent 1: protocol ip prio 1 u32 match ip sport $port 0xffff route to 1 flowid 1:
# tc filter add dev $if1 parent 1: protocol ip prio 1 u32 route to 2 flowid 1:
would be what you'd need to redirect one source port out of one routing table and everything else out the other.
Check out http://lartc.org/howto