From owner-freebsd-net@FreeBSD.ORG Sat Jan 10 10:09:30 2004
From: "Aaron Burke"
To: "afshin"
Date: Sat, 10 Jan 2004 10:08:14 -0800
Subject: RE: 3NIC+ 2NAT
In-Reply-To: <20031230200830.59615.qmail@web21506.mail.yahoo.com>
List-Id: Networking and TCP/IP with FreeBSD

> I have 3 NICs, let's name them NIC1-NIC2-NIC3
> NIC1 --> Internal Network /24
> NIC2 --> OutSide World (A)
> NIC2 --> OutSide World (B)

I have a similar situation (I think). I also have two separate connections to the internet.

fxp0: 11.22.33.44 gateway 11.22.33.1
fxp1: 66.77.88.99 gateway 66.77.88.1
fxp2: 192.168.0.1/24

> I want to NAT NIC1/25 on NIC2 and NIC1(128)/25 on
> NIC3.

Are you saying that you want certain packets to leave through NIC1, and others to leave through NIC2? If this is the case, I don't have a solution. However, if you have two connections in case one goes down, then read on.
> But the FreeBSD 4.8 Doesn't do it on both interfaces
> it does just on the one that the default gateway (of
> the 4.8 with 3 NICs) refers to.
> I Have Entered:
> # natd -interface NIC2
> # natd -interface NIC3 (This Gives Error)
> and Using "ipnat"

I am guessing that you want to create a semi-redundant connection to the internet, for those occasions when one of the interfaces goes down. The problem with doing all of this in /etc/rc.conf is that the other rc files only expect one interface to be the default. There are several things that need to be considered for this to work. And the bad news is that when one of the interfaces goes down, I still have to manually change the default gateway. The good news is that that's all the work that has to be done.

> Any comments are appreciated so much
> Regards,

My comments are my solution, which works great, except that I still have to manually change the default route to get it to work. Please let me know if I am off track here.

Step 1: Comment out the lines in /etc/rc.conf that control natd. I have created a script placed in /usr/local/etc/rc.d/fxp0-natd.sh and /usr/local/etc/rc.d/fxp1-natd.sh.

Step 2: I edited /etc/services and added the following line. (I am unsure if this was needed, but I added it just to be safe.)

    natd2 8669/divert # Network Address Translation

Step 3: I created the following files that actually start up natd on each internet connected interface. Notice that one uses 8668 (natd) and one uses 8669 (natd2). (This may get destroyed by an email client, so I have attached them both, just to be safe.)

    #!/bin/sh
    # /usr/local/etc/rc.d/fxp0-natd.sh with execute bit set
    if [ $# -eq 0 -o x$1 = xstart ]; then
        /sbin/natd -p natd -s -u -f /etc/natd.conf -n fxp0 && echo -n ' natd started on fxp0 (Cable)'
        # natd writes /var/run/natd.pid; keep a per-interface copy so "stop" can find this instance
        cp /var/run/natd.pid /var/run/natd.fxp0.pid
    fi
    if [ x$1 = xstop ]; then
        if [ -f /var/run/natd.fxp0.pid ]; then
            kill `cat /var/run/natd.fxp0.pid`
        else
            # oh well
            # killall natd (don't want to do this)
            :
        fi
    fi

    #!/bin/sh
    # /usr/local/etc/rc.d/fxp1-natd.sh with execute bit set
    if [ $# -eq 0 -o x$1 = xstart ]; then
        /sbin/natd -p natd2 -s -u -f /etc/natd.conf -n fxp1 && echo -n ' natd started on fxp1 (DSL)'
        # natd writes /var/run/natd.pid; keep a per-interface copy so "stop" can find this instance
        cp /var/run/natd.pid /var/run/natd.fxp1.pid
    fi
    if [ x$1 = xstop ]; then
        if [ -f /var/run/natd.fxp1.pid ]; then
            kill `cat /var/run/natd.fxp1.pid`
        else
            # oh well
            # killall natd (don't want to do this)
            :
        fi
    fi

Step 4: Now I need to tell my firewall that I am running natd on each interface. I am using ipfw.

    ipfw add divert 8668 ip from any to any via fxp0
    ipfw add divert 8669 ip from any to any via fxp1

Step 5: FreeBSD will still send icmp packets out the default gateway. I wanted to avoid this for two reasons. One of my ISPs blocks icmp messages for clients that don't belong on its network. And second because I want packets that come in one interface to leave on the same one. The next two rules use the following format.

    # default gateway from your ip address
    ipfw add fwd 66.77.88.1 ip from 66.77.88.99 to any via fxp0
    ipfw add fwd 11.22.33.1 ip from 11.22.33.44 to any via fxp1

Notice that the via interface is using the ethernet interface of the other card. This means that if Cable (fxp0) is the default gateway, and a packet came in through the DSL interface (fxp1), send it to that host via fxp1 instead of out the default gateway attached to fxp0. Listing the opposite rule works to my advantage when I am using DSL as my default gateway. That way Cable modem (fxp0) packets still leave on fxp0.

> AFShin (AAS)
>
> "FreeBSD is the Best Performance OS Ever Made!"
FreeBSD has some major uses. I think it's a great networking OS. But it's not really a great desktop OS. But those people have several choices available to them. (Windows, MacOS, Linux, etc.)

aburke@nullplusone.com
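Added illustration, not part of Aaron's post: a POSIX sh generator that derives the per-uplink natd command, the divert rule and the return-path fwd rules from a small table, and checks that no two natd instances share a divert port. It generalizes the two-link setup in the post to any number of uplinks (for every uplink X it emits one fwd rule per other uplink Y, which for two links reproduces the two rules above). The table format and the function names are my own; the addresses and ports are the ones used in the post. The output is text to review and paste, the script does not run ipfw or natd itself.

```shell
#!/bin/sh
# Constructed uplink table (my own format, not from the post):
#   interface  public-address  ISP-gateway  natd-divert-port
LINKS='fxp0 11.22.33.44 11.22.33.1 8668
fxp1 66.77.88.99 66.77.88.1 8669'

# One natd instance per uplink, each listening on its own divert port
# (the post uses the service names natd/natd2; numeric ports work as well).
gen_natd_cmds() {
    echo "$LINKS" | while read -r ifn addr gw port; do
        echo "/sbin/natd -p $port -s -u -n $ifn"
    done
}

# Hand every packet crossing an uplink to that uplink's natd instance.
gen_divert_rules() {
    echo "$LINKS" | while read -r ifn addr gw port; do
        echo "ipfw add divert $port ip from any to any via $ifn"
    done
}

# Return-path rules: a packet sourced from uplink X's address that the
# default route is about to push out another uplink Y is forwarded to
# X's gateway instead, so replies leave on the link they arrived on.
gen_fwd_rules() {
    echo "$LINKS" | while read -r ifn addr gw port; do
        echo "$LINKS" | while read -r other oaddr ogw oport; do
            [ "$other" = "$ifn" ] && continue
            echo "ipfw add fwd $gw ip from $addr to any via $other"
        done
    done
}

# Two natd instances on the same divert port would silently fight over
# the same packets; refuse such a table.
check_ports_unique() {
    dups=$(echo "$LINKS" | awk '{print $4}' | sort | uniq -d)
    [ -z "$dups" ]
}

# Print the whole plan for review.
show_all() {
    check_ports_unique || { echo "duplicate divert port in LINKS" >&2; return 1; }
    gen_natd_cmds
    gen_divert_rules
    gen_fwd_rules
}
```

Source the file and run `show_all`; edit LINKS to add a third uplink and the fwd section grows to six rules without touching the rest.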