Date: Sat, 5 May 2007 18:23:39 -0300
From: "Jason Hills" <jazzhills@gmail.com>
To: "Patrick Tracanelli" <eksffa@freebsdbrasil.com.br>
Cc: ipfw@freebsd.org
Subject: Re: Policy Routing natd+ipfw
Message-ID: <33910a2c0705051423j53ad82aem5dc779ecba438d6b@mail.gmail.com>
In-Reply-To: <56951.BUtUVAZEUwM=.1178338987.squirrel@webmail.freebsdbrasil.com.br>
References: <33910a2c0705041812s2aaf0b62t785e16abc0decee6@mail.gmail.com> <56951.BUtUVAZEUwM=.1178338987.squirrel@webmail.freebsdbrasil.com.br>

On 5/5/07, Patrick Tracanelli <eksffa@freebsdbrasil.com.br> wrote:
>
> > How can I do policy routing with ipfw+natd?
> >
> > I started 2 natd processes, using natd.conf and natd2.conf
> > respectively, but things don't work. My rules are:
>
> Long time ago, PHK added an (undocumented, except for commit logs) feature
> in natd(8), called "instances". To use it, you can start a config file
> with the "instance" keyword followed with an identifier, and in a certain
> moment use the "instance" keyword again, with a second identifier. Each
> block will create different natd instances which can be used with
> independent configurations. However they are run by the same process.
>
> Here is an (production) example:

Very good, it worked fine. I am happy I can stop running 2 natds. It was ugly.

>
> To do so in your environment, divert packets to the second link when they
> reach the main outgoing interface (traditional path the packet would
> flow, according to routing table):
>
> divert 8669 ip from $net2 to any out via $ext_if1
>
> Yes, this WILL work. Packets will be diverted to second natd instance when
> it reaches the main outgoing interface (as main, I want you to read: the
> one used by default route).

It sounds like it worked. Packets hit the rule correctly, but I don't go to
Internet.

>
> So, here you are forgetting another mandatory flow control: you have to
> send packets from your second-link IP address to your second-link gateway.
> IPFW´s "fwd" action will do this like a charm =)

I believe this is why I don't get to internet. I didn't understand this ipfw
fwd thing you mentioned. Could you give some example?

>
> >
> > divert 8668 ip from any to any via $ext_if1
> > divert 8669 ip from any to any via $ext_if2
> >
> > My defaultrouter is the one on $ext_if1.
> >
> > It works for port 8668 but doesn't work for 8669 (the second xDSL link)
> >
> > --
> > Jazzie Hills
>
>
> --
> Patrick Tracanelli
> (31) 3281 9633
> sip://313306@sip.freebsdbrasil.com.br
>
>

-- 
Jazzie Hills
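
The rule order described in the quoted reply, written out as an added example that is not part of the original message or either poster's configuration. The interface names, addresses, rule numbers, the `$ip2`/`$gw2` variables and the `policy_rules` function are assumptions (constructed documentation values), and the second natd instance is assumed to listen on divert port 8669 and alias to the address on `$ext_if2`.

```sh
#!/bin/sh
# Added example. All values below are constructed placeholders.
ext_if1="${ext_if1:-em0}"        # link 1, carries the default route
ext_if2="${ext_if2:-em1}"        # link 2 (second xDSL)
net2="${net2:-192.168.2.0/24}"   # internal hosts that must leave via link 2
ip2="${ip2:-203.0.113.2}"        # address on ext_if2 (alias of natd instance 2)
gw2="${gw2:-203.0.113.1}"        # gateway of link 2
IPFW="${IPFW:-echo ipfw}"        # dry run by default; IPFW=/sbin/ipfw to load

policy_rules() {
    # net2 traffic follows the default route to ext_if1. Catch it there,
    # before the generic rule, and hand it to the second natd instance.
    $IPFW add 1000 divert 8669 ip from "$net2" to any out via "$ext_if1"

    # natd reinjects the packet at the next rule, now sourced from $ip2.
    # fwd replaces the next hop so it leaves through the link 2 gateway
    # instead of the default router. fwd ends rule processing, so the
    # packet never reaches the 8668 rule below.
    # FreeBSD releases of this period need "options IPFIREWALL_FORWARD"
    # in the kernel for fwd to be available.
    $IPFW add 1010 fwd "$gw2" ip from "$ip2" to any out via "$ext_if1"

    # The two rules from the original question, unchanged: everything else
    # on link 1 uses the first instance, and replies arriving on link 2
    # are de-aliased by the second instance.
    $IPFW add 1020 divert 8668 ip from any to any via "$ext_if1"
    $IPFW add 1030 divert 8669 ip from any to any via "$ext_if2"
}

policy_rules
```

Run as is, the script only prints the four `ipfw add` commands in order, which is enough to review them before loading.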
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33910a2c0705051423j53ad82aem5dc779ecba438d6b>