Monthly Archive for October, 2009

Bind an outgoing IP address while using jumpgate

jumpgate is a simple TCP proxy for lazy people like me.
This is my patch. You can use it freely under the 2 clause BSD license.

Usage: jumpgate -B

FreeBSD: policy routing with pf in 7-STABLE is BROKEN

pass in quick on $wan1 reply-to ($wan1 $wan1gw) from !$wan1net to ($wan1) keep state
pass out  route-to ($wan1 $wan1gw) proto {udp, icmp} from $wan1net to any no state
pass out  route-to ($wan1 $wan1gw) proto tcp from $wan1net to any flags any no state

In FreeBSD 7.0, the pf.conf above worked, but it doesn’t work in recent 7-STABLE. The TCP session may connect successfully, but the performance is very, very poor (~1 KB/s).

I have done some research for days, but have no idea. Now I use ipfw to do policy routing…