From owner-freebsd-ipfw@FreeBSD.ORG Sun Sep 9 18:39:04 2007
Message-ID: <12581500.post@talk.nabble.com>
Date: Sun, 9 Sep 2007 11:21:50 -0700 (PDT)
From: Steffen
To: freebsd-ipfw@freebsd.org
Subject: ipfw, two natd instances and policy based routing..

Hi!

I'm trying to build an internet solution for the few people that live in my building. I'm convinced that I need to run two instances of natd. Tips on how that's best obtained are welcome - I've just copied /etc/rc.d/natd to natd2 and replaced natd with natd2 where appropriate, but that's really an ugly solution, I think..

Then I want to do source-based routing. I'll explain why further down if you're interested.

My problem is that I'm confused about how to do both source-based routing AND NAT. When I use either the fwd or the divert command, the processing of the packet ends, so I can only do one of the two, when I'm really trying to do both to the same packet.
I've read a couple of times that packets are run through the filter twice, but I'm unsure how to use this, which order, etc. I would guess that I should use fwd on packets inbound and then do NAT outbound, but I can't really see how that should be configured - pointers to good, thorough documentation would be greatly appreciated, as well as hints on what to do.

/Steffen

Setup description:

I have two DSL lines and two FreeBSD boxes for redundancy. One DSL line is mine (DSL A) and should only be used by me while the other, shared DSL (DSL B) is working; if it's down, then the other residents may use my DSL. I should always use my own DSL unless it's down.

The two DSL lines come with a public /29 connect on each, and using VLANs (vlan6=dslA, vlan7=dslB), each FreeBSD box has a VLAN interface in each of the connect prefixes. This way, even if a FreeBSD box dies and any DSL line dies, things should still work. A cron job would check if any DSLs are down and configure ipfw accordingly.

Currently box1 has a default via vlan6 and box2 via vlan7. My clients then use box1 and the other residents use box2 as default gateway. In the ultimate setup I'd be running VRRP on all the client LANs that all connect to boxes 1 & 2. Policy-based routing would ensure that residents only use my DSL when the shared one is down, and that I always use my DSL, or the shared one if mine is down.

Both boxes 1 & 2 are configured for NAT out on vlan6 & 7. A cron job checks if the DSLs are up, and reconfigures source-based routing if a change occurs.

View this message in context: http://www.nabble.com/ipfw%2C-two-natd-instances-and-policy-based-routing..-tf4410268.html#a12581500