Date:      Sat, 13 Jul 2002 09:07:54 +0200
From:      Nils Vogels <nivo+freebsd-quesions@yuckfou.org>
To:        freebsd-questions@freebsd.org
Subject:   Multiple NATd running on one box
Message-ID:  <20020713070754.GA99389@amor.yuckfou.org>

Hi all,

Up till now, I've had my home situation with one cable connection to the big
bad internet, and a firewall in between it to handle all the filtering and NAT
etc, running ipfilter.

Now that I'm adding a second uplink to the box (a DSL line) I'm seeing some
problems with ipfilter, namely:

	1) It will not properly redirect traffic to the DSL NIC, it always
	   chooses the path the kernel routing table says or throws the
	   packets into the bitbucket
	2) When redirecting using ipnat on the new interface, there is an
	   issue in the state-table, causing returning replies to be blocked
	   (or again, sent out the wrong way, which makes the reply come from
	   a different IP than the request was fired to .. a hilarious sight :)

Therefore I am thinking of swaying back to ipfw/natd on this box, but I have
a few questions with regard to that:

1) The ipfw fwd command does exactly what I need in regard to selecting
traffic to travel non-default paths, great ! (not actually a question ;)
2) Will running two different natd's on different ports cause any issues ?

My thought was to:

ipfw add 50 divert 8668 ip from any to any via xl0   # cable interface
ipfw add 55 divert 8669 ip from any to any via xl1   # dsl interface

and then the natd's:

/sbin/natd -n xl0 -f /etc/natd.cable.conf
/sbin/natd -n xl1 -p 8669 -f /etc/natd.dsl.conf

The config files have port redirects and the like in them.

The firewall will be set to allow specific incoming traffic only, and the rest
is allowed by state-checking.

Will this give me any unforeseen issues ?

Gr,

-- 
Nils Vogels		PGP:0xC26BD15F Available on keyservers.
S@H:5118WU/6.940yr	--> setiathome.ssl.berkeley.edu. Will you find aliens?

My other computer is your windows box.
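
Added example, not part of the original message: a small Python check that each ipfw divert rule is paired with a natd instance reading the same port on the same interface, which is the pairing the two-natd layout above depends on. The function names and the sample data are constructed for illustration; the parser understands only the -n, -p and -f options that appear in the post.

```python
import re
import shlex

NATD_DEFAULT_PORT = 8668  # the "natd" divert entry in /etc/services, used without -p

def parse_divert_rules(rules):
    """Map divert port -> interface for each 'divert PORT ... via IF' rule."""
    found = {}
    for line in rules.splitlines():
        m = re.search(r"\bdivert\s+(\d+)\b.*\bvia\s+(\S+)", line)
        if m:
            found[int(m.group(1))] = m.group(2)
    return found

def parse_natd(cmdline):
    """Return (port, interface, stray words); only -n, -p and -f are understood."""
    args = shlex.split(cmdline)[1:]
    opts, stray, i = {}, [], 0
    while i < len(args):
        if args[i] in ("-n", "-p", "-f") and i + 1 < len(args):
            opts[args[i]] = args[i + 1]
            i += 2
        else:
            stray.append(args[i])
            i += 1
    return int(opts.get("-p", NATD_DEFAULT_PORT)), opts.get("-n"), stray

def check(rules, natd_cmds):
    """List mismatches between the divert rules and the natd instances."""
    diverts, seen, problems = parse_divert_rules(rules), {}, []
    for cmd in natd_cmds:
        port, iface, stray = parse_natd(cmd)
        if stray:
            problems.append(f"natd on {iface}: {stray} not attached to an option")
        if port in seen:
            problems.append(f"divert port {port} is read by two natd instances")
        seen[port] = iface
        if diverts.get(port) != iface:
            problems.append(f"natd on {iface} reads port {port}, diverted via {diverts.get(port)}")
    for port in sorted(diverts.keys() - seen.keys()):
        problems.append(f"port {port} is diverted but no natd reads it")
    return problems

# Constructed sample, modelled on the two-uplink layout in the post.
RULES = """ipfw add 50 divert 8668 ip from any to any via xl0
ipfw add 55 divert 8669 ip from any to any via xl1"""
NATD = ["/sbin/natd -n xl0 -f /etc/natd.cable.conf",
        "/sbin/natd -n xl1 -p 8669 -f /etc/natd.dsl.conf"]

if __name__ == "__main__":
    print(check(RULES, NATD) or "divert rules and natd instances agree")
```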