From owner-freebsd-net@FreeBSD.ORG Tue Jan 3 23:42:29 2006
From: Dennis Olvany
To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org
Date: Tue, 03 Jan 2006 17:41:58 -0600
Message-ID: <43BB0BC6.3070409@gmail.com>
Subject: Client Load Balancing: LSNAT-router using IPFW and NATD on FreeBSD 6.0
List-Id: Networking and TCP/IP with FreeBSD

Client Load Balancing: LSNAT-router using IPFW and NATD on FreeBSD 6.0

The Internet gateways must reside in different logical networks for this
configuration to work.

1. Compile Custom Kernel

    options IPFIREWALL
    options IPFIREWALL_FORWARD
    options IPDIVERT
    options IPFIREWALL_FORWARD_EXTENDED

2. Configure System (/etc/rc.conf)

    firewall_enable="yes"
    firewall_type="/etc/ipfw.rules"
    ifconfig_ste0="195.16.87.38/29"
    ifconfig_ste0_alias0="192.168.102.62/24"
    ifconfig_fxp0="192.168.10.1/24"
    defaultrouter="192.168.102.1"
    gateway_enable="yes"
    natd_enable="yes"
    natd_flags="-f /etc/natd.conf"

3. Configure NATD (/etc/natd.conf)

    instance default
        alias_address 192.168.102.62
    instance other
        alias_address 195.16.87.38
        port 8669
    globalport 9000

4. Configure IPFW (/etc/ipfw.rules)

    -f flush
    add skipto 20000 ip from any to 192.168.102.62 in via ste0
    add skipto 30000 ip from any to 195.16.87.38 in via ste0
    add divert 9000 ip from any to any out via ste0
    add skipto 40000 ip from { 192.168.102.62 or 195.16.87.38 } to any out via ste0
    add prob .5 skipto 20000 ip from any to any out via ste0
    add skipto 30000 ip from any to any out via ste0
    add skipto 40000 ip from any to any
    add 20000 divert natd ip from any to any
    add skipto 40000 ip from any to any
    add 30000 divert 8669 ip from any to any
    add skipto 40000 ip from any to any
    add 40000 check-state
    add deny ip from 192.168.10.0/24 to any via ste0
    add allow ip from me to me via lo0 keep-state
    add deny ip from me to any in
    add allow ip from 195.16.87.38 to { me or 195.16.87.32/29 or 192.168.102.0/24 or 192.168.10.0/24 } keep-state
    add forward 195.16.87.33 ip from 195.16.87.38 to any keep-state
    add allow ip from me to any keep-state
    add deny ip from me to any
    add allow icmp from any to me icmptypes 3,4,8,11 keep-state
    add deny ip from any to me
    add allow ip from 192.168.10.0/24 to any keep-state
    add deny ip from 192.168.10.0/24 to any
    add allow icmp from any to 192.168.10.0/24 icmptypes 3,4,11 keep-state
    add deny ip from any to 192.168.10.0/24
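The skipto/prob/divert plumbing in the ruleset above is easier to follow when a packet is traced through it rule by rule. The script below is an added example written for this page, not the poster's code: it encodes the ruleset as data and walks one packet through it the way ipfw does (skipto lands on the first rule with a number greater than or equal to the target, a diverted packet re-enters at the rule after the divert, a failed `prob` coin counts as a non-match, the unnumbered rules get ipfw's default step of 100, and `divert natd` is port 8668). Assumptions that simplify the model: dynamic rules (keep-state/check-state) and natd's session table are not modeled, so only the first packet of a flow is traced; a natd instance is reduced to "rewrite an outbound source to its alias"; the globalport 9000 passes a new flow through untouched; icmptypes are ignored; and the sample packets are constructed for the example.

```python
"""Trace the first packet of a flow through the post's ipfw ruleset (added example,
not the poster's code).  Assumptions: no dynamic rules (check-state is a no-op), no
natd session table (an instance just rewrites an outbound source to its alias, the
globalport passes a new flow through untouched), and the caller supplies the coin
for 'prob .5' so that a trace is reproducible."""
import ipaddress
from dataclasses import dataclass, replace

A, N = ipaddress.IPv4Address, ipaddress.IPv4Network
ME = {A("195.16.87.38"), A("192.168.102.62"), A("192.168.10.1")}  # rc.conf; ipfw 'me'
NATD_ALIAS = {8668: A("192.168.102.62"), 8669: A("195.16.87.38")}  # natd.conf instances


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    direction: str          # "in" or "out"
    iface: str              # "ste0", "fxp0" or "lo0"
    proto: str = "tcp"


def addr_in(addr, spec):
    """Match against 'any', 'me', a host or CIDR, or an ipfw or-block given as a list."""
    if spec == "any":
        return True
    if spec == "me":
        return A(addr) in ME
    if isinstance(spec, list):
        return any(addr_in(addr, s) for s in spec)
    return A(addr) in N(spec, strict=False)


def m(src="any", dst="any", direction=None, iface=None, proto="ip"):
    """Predicate for one rule body: proto from src to dst [in|out] [via iface]."""
    return lambda p: ((proto == "ip" or p.proto == proto)
                      and (direction is None or p.direction == direction)
                      and (iface is None or p.iface == iface)
                      and addr_in(p.src, src) and addr_in(p.dst, dst))


# (number, action, argument, match).  Numbers are what 'ipfw add' assigns, stepping
# by 100, when a rule has no explicit number.  icmptypes are not modeled.
RULES = [
    (100, "skipto", 20000, m(dst="192.168.102.62", direction="in", iface="ste0")),
    (200, "skipto", 30000, m(dst="195.16.87.38", direction="in", iface="ste0")),
    (300, "divert", 9000, m(direction="out", iface="ste0")),
    (400, "skipto", 40000, m(src=["192.168.102.62", "195.16.87.38"], direction="out", iface="ste0")),
    (500, "prob", (0.5, 20000), m(direction="out", iface="ste0")),
    (600, "skipto", 30000, m(direction="out", iface="ste0")),
    (700, "skipto", 40000, m()),
    (20000, "divert", 8668, m()),
    (20100, "skipto", 40000, m()),
    (30000, "divert", 8669, m()),
    (30100, "skipto", 40000, m()),
    (40000, "check-state", None, m()),
    (40100, "deny", None, m(src="192.168.10.0/24", iface="ste0")),
    (40200, "allow", None, m(src="me", dst="me", iface="lo0")),
    (40300, "deny", None, m(src="me", direction="in")),
    (40400, "allow", None, m(src="195.16.87.38",
                             dst=["me", "195.16.87.32/29", "192.168.102.0/24", "192.168.10.0/24"])),
    (40500, "forward", "195.16.87.33", m(src="195.16.87.38")),
    (40600, "allow", None, m(src="me")),
    (40700, "deny", None, m(src="me")),
    (40800, "allow", None, m(dst="me", proto="icmp")),
    (40900, "deny", None, m(dst="me")),
    (41000, "allow", None, m(src="192.168.10.0/24")),
    (41100, "deny", None, m(src="192.168.10.0/24")),
    (41200, "allow", None, m(dst="192.168.10.0/24", proto="icmp")),
    (41300, "deny", None, m(dst="192.168.10.0/24")),
]


def natd(port, pkt):
    """natd hands the packet back at the rule after the divert.  Only 'outbound source
    -> instance alias' is modeled; the globalport and inbound packets pass unchanged."""
    if port in NATD_ALIAS and pkt.direction == "out":
        return replace(pkt, src=str(NATD_ALIAS[port]))
    return pkt


def walk(pkt, coin=0.0):
    """Return (verdict, next_hop, packet as it leaves ipfw, numbers of the rules that fired)."""
    def index_of(num):                      # skipto lands on the first rule numbered >= num
        return next(i for i, r in enumerate(RULES) if r[0] >= num)
    fired, i = [], 0
    while i < len(RULES):
        num, action, arg, match = RULES[i]
        if not match(pkt) or (action == "prob" and coin >= arg[0]):
            i += 1                          # no match; a failed coin counts as a non-match
            continue
        fired.append(num)
        if action in ("skipto", "prob"):
            i = index_of(arg if action == "skipto" else arg[1])
        elif action == "divert":
            pkt, i = natd(arg, pkt), i + 1  # natd re-injects at the next rule
        elif action == "check-state":
            i += 1                          # no dynamic rules in this model
        elif action == "forward":
            return "forward", arg, pkt, fired
        else:                               # allow / deny are terminal
            return action, None, pkt, fired
    return "deny", None, pkt, fired         # ipfw's default rule 65535 denies
```

Tracing a constructed LAN packet `Pkt("192.168.10.2", "8.8.8.8", "out", "ste0")` with a coin below .5 leaves it sourced from 192.168.102.62 and allowed by `allow ip from me to any`, so it goes out via the default router; with a coin at or above .5 it leaves as 195.16.87.38 and hits `forward 195.16.87.33`, which is what steers the second instance's traffic to the other gateway instead of the default route. A packet already carrying one of the two aliases takes the `skipto 40000` at rule 400 and is not translated twice, and a packet with a 192.168.10.0/24 source arriving on ste0 is dropped by the anti-spoofing deny. Reply traffic depends on the dynamic rules and natd's session table, which this model deliberately leaves out.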