From: Julian Elischer
Date: Sat, 01 Jan 2011 23:29:38 -0800
To: Nima Khoramdin
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW - NAT - two gateway -HELP
Message-ID: <4D202962.8090209@freebsd.org>
References: <4D1FC784.2000409@freebsd.org>

On 1/1/11 10:42 PM, Nima Khoramdin wrote:
> hello again
>
> ok Maybe I was wrong explain. I already have an ip address in my network is
> working with NAT ( nat to internal web server ) , i want to add another NIC
> with a new isp (IP) for backup, and new nat rule.
>
> how can i set two separated gateways on freebsd.
>
> thanx
>
so, your addresses are NOT 172... and 10.....?

Assuming you have a way to get the externally sourced packets to your
interface, then you have a couple of options.

Firstly you will need to either use two natd instances, or single natd
using two of the new 'instance' sections.
(quoting from the natd man page...)

--------start quote-------
     Options can be divided to several sections.  Each section
     applies to own natd instance.  This ability allows to configure
     one natd process for several NAT instances.  The first instance
     that always exists is a "default" instance.  Each another instance
     should begin with

           instance instance_name

     At the next should be placed a configuration option.  Example:

           # default instance
           port 8668
           alias_address 158.152.17.1

           # second instance
           instance dsl1
           port 8888
           alias_address 192.168.0.1

     Trailing spaces and empty lines are ignored.  A `#' sign will
     mark the rest of the line as a comment.

-instance instancename
     This option switches command line options processing to configure
     instance instancename (creating it if necessary) till the next
     -instance option or end of command line.  It is easier to set up
     multiple instances in the configuration file specified with the
     -config option rather than on a command line.
--------- end quote---------

you can then use the ipfw 'fwd' command to decide which goes where
or alternatively, you can also use the new multiple routing table feature
to decide which sessions go to which gateway.

>>
>>          ISP1                  ISP2
>>  wireless connection           ADSL
>>        2mb/2mb               1mb/1mb
>>     172.16.1.1/23          10.0.0.1/23
>>
>>           |                     |
>>           |                     |
>>           |                     |
>>           |                     |
>>         static               static
>>       172.16.1.5            10.0.1.15
>>     *aue0*******************tun0*
>>     *          FreeBSD          *
>>     *************ep0*************
>>
>>             192.168.1.254
>>                   |
>>                   |
>>                 *****
>>              Private LAN
>>            192.168.1.0/24
>>                   |
>>                   |
>>                   |
>>               webserver
>>
>>             192.168.1.121
>>
>>
>> how to use of this two gateways for my internal webserver with ipfw& nat
>>
>> i want to know how can i use ISP2 adsl as ISP1 ( i mean if anyone put ISP1
>> (172.16.1.5) , ISP2 (10.0.10.15) to the browser , can see my internal
>> webserver page with two separated ISPs ) not load balance . i want to use
>> two ISPs at the same time .
>>
> do you REALLY have 172.16.1.5 and 10.0.1.15 as your IP addresses?
> If so there is no way you can be reached from the outside..
> unless you have made an agreement with the ISPs to forward some address/port
> to you.
> They are doing NAT on your outgoing sessions as it is already..
>
>
> sorry for my bad explanation
>> thanx
>> _______________________________________________
>> freebsd-ipfw@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
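
The single-natd option from the reply above, written out as an added example (not code from the thread or from the FreeBSD project): one natd with two instances plus ipfw divert and fwd rules, so the web server answers on both ISP addresses and each reply leaves through the ISP it arrived on. Interface names, addresses and gateways are taken from the diagram in the thread; the instance name isp2, the globalport number 8670, the default route pointing at ISP1, and the ISPs actually forwarding port 80 to these addresses are assumptions. The block holds two separate files.

```conf
# ---- /etc/natd.conf: one natd process, two aliasing instances ----
# ISP1 on aue0
instance default
port 8668
alias_address 172.16.1.5
redirect_port tcp 192.168.1.121:80 80

# ISP2 on tun0 (instance name is an assumption)
instance isp2
port 8888
alias_address 10.0.1.15
redirect_port tcp 192.168.1.121:80 80

# extra divert port: packets sent here are matched against the existing
# translation entries of every instance (port number is an assumption)
globalport 8670

# ---- ipfw rule file (load with: ipfw /path/to/this/file) ----
add 100 allow ip from any to any via lo0
add 110 allow ip from any to any via ep0
add 200 skipto 1000 ip from any to any in via aue0
add 210 skipto 2000 ip from any to any out via aue0
add 220 skipto 3000 ip from any to any in via tun0
add 230 skipto 4000 ip from any to any out via tun0
add 900 deny ip from any to any
# in from ISP1: un-alias replies, apply the port 80 redirect
add 1000 divert 8668 ip from any to any
add 1010 allow ip from any to any
# out via the default route (ISP1): reuse an existing translation first
add 2000 divert 8670 ip from any to any
add 2010 allow ip from 172.16.1.5 to any
# reply belonging to a session that came in through ISP2
add 2020 skipto 5000 ip from 10.0.1.15 to any
# new outbound session from the LAN: alias to the ISP1 address
add 2030 divert 8668 ip from any to any
add 2040 allow ip from any to any
# in from ISP2
add 3000 divert 8888 ip from any to any
add 3010 allow ip from any to any
# out via ISP2
add 4000 divert 8888 ip from any to any
# anything sourced from the ISP2 address goes to the ISP2 gateway
add 5000 fwd 10.0.0.1 ip from 10.0.1.15 to not 10.0.0.0/23
add 5010 allow ip from any to any
```

On FreeBSD releases of this period the fwd action needs a kernel built with options IPFIREWALL_FORWARD. The allow rules above only route traffic; any filtering policy would have to be added on top of them.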