Date:      Tue, 5 Jun 2001 20:01:07 +0200
From:      Alson van der Meulen <freebsd@alson.linuxfreak.nl>
To:        "'freebsd-isp@freebsd.org'" <freebsd-isp@freebsd.org>
Subject:   Re: Routing over two 'channels'
Message-ID:  <20010605200106.N15640@md2.mediadesign.nl>
In-Reply-To: <510EAC2065C0D311929200A0247252622F778B@NETIVITY-FS>; from enriko.groen@netivity.nl on Tue, Jun 05, 2001 at 05:08:50PM +0200
References:  <510EAC2065C0D311929200A0247252622F778B@NETIVITY-FS>

On Tue, Jun 05, 2001 at 05:08:50PM +0200, Enriko Groen wrote:
> Hi,
> 
> I'm trying to find a solution. My company is a small hosting provider and
> I'm introducing some FreeBSD boxes. However I ran into a problem. We have
> several internet connections:
> fiber, ADSL and cable. I currently have one firewall which I would like to
> route traffic to/from our servers to the different connections. The firewall
> is a FreeBSD 4.2 box.
> 
> Is there a way to do some intelligent routing? I would like the firewall to
> talk back through the channel it was connected through. So if a client
> connects through the ip attached to the ADSL modem, it talks back through
> the same channel as the request came through.
> 
> Can this be done by some routing program, or maybe NAT. Or should I look
> into a standalone prefab router? Any suggestions are welcome.
just doing destination NAT (masquerade the source ip) should do
the trick, the same idea as using source NAT to have multiple local
boxes use the same public ip, with destination NAT multiple public
ip's are NATted to one private IP

doesn't appear very difficult to me...

I might be overlooking something though...

with ipnat it would be something like:
(xl0 is local interface, ep0 and ep1 are remote)
xl0 has ip 10.0.0.1
ep0 has ip 1.2.3.4
ep1 has ip 5.6.7.8

map xl0 1.2.3.4/32 -> 10.0.0.1/32 portmap tcp/udp 40000:60000
map xl0 1.2.3.4/32 -> 10.0.0.1/32
map xl0 5.6.7.8/32 -> 10.0.0.1/32 portmap tcp/udp 40000:60000
map xl0 5.6.7.8/32 -> 10.0.0.1/32
(please correct me if I'm wrong, I didn't really test this setup)

I'm not sure how to handle this if you've multiple public ip's that
should be mapped to multiple local servers, read the ipnat
docs/examples, I guess there's some example of DNAT there...

at least with linux' iptables it would be trivial, so I guess ipnat or
natd can do it too

I guess with natd it would be something similar, but I don't really
know natd.
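
A toy model of the translation state behind the idea in the reply above, added here as an illustration and not code from the thread or from ipnat. It uses the post's addresses and portmap range; the internal server 10.0.0.2, the client address and all class and function names are assumptions. The model records the ingress interface explicitly; whether a real firewall sends the restored reply out of that interface is a routing decision it does not model.

```python
from itertools import count

PUBLIC = {"ep0": "1.2.3.4", "ep1": "5.6.7.8"}  # outside interfaces, from the post
INSIDE_IP = "10.0.0.1"                          # xl0 address, from the post
SERVER = ("10.0.0.2", 80)                       # assumed internal web server
PORT_LO, PORT_HI = 40000, 60000                 # portmap range from the post


class NatTable:
    def __init__(self):
        self.state = {}                 # inside port -> (client, public dst, iface)
        self._next = count(PORT_LO)

    def inbound(self, iface, src, dst):
        """Translate a client packet arriving on an outside interface."""
        if dst[0] != PUBLIC.get(iface):
            raise ValueError("destination is not this interface's address")
        port = next(self._next)
        if port > PORT_HI:
            raise RuntimeError("portmap range exhausted")
        self.state[port] = (src, dst, iface)
        # The server sees the firewall as its peer, so it answers to xl0.
        return (INSIDE_IP, port), SERVER

    def reply(self, src, dst):
        """Reverse both translations for a server reply; None if no state."""
        if src != SERVER or dst[0] != INSIDE_IP or dst[1] not in self.state:
            return None
        client, public, iface = self.state[dst[1]]
        return iface, public, client    # (channel, restored src, restored dst)


def demo():
    nat = NatTable()
    client = ("198.51.100.7", 51000)    # constructed client address
    results = []
    for iface in ("ep0", "ep1"):
        new_src, new_dst = nat.inbound(iface, client, (PUBLIC[iface], 80))
        results.append(nat.reply(new_dst, new_src))
    return results


if __name__ == "__main__":
    for channel, src, dst in demo():
        print(f"reply leaves as {src} -> {dst}, state says channel {channel}")
```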
