Date: Wed, 10 Oct 2001 05:20:18 -0700
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: <irado@nettaxi.com>, <freebsd-questions@freebsd.org>
Subject: RE: routed tutorial
Message-ID: <000601c15185$ec6c3820$1401a8c0@tedm.placo.com>
In-Reply-To: <200110091200.f99C0V406813@mail10.bigmailbox.com>
>-----Original Message-----
>From: irado@nettaxi.com [mailto:irado@nettaxi.com]
>Sent: Tuesday, October 09, 2001 5:01 AM
>To: freebsd-questions@freebsd.org
>Cc: tedm@toybox.placo.com
>Subject: RE: routed tutorial
>
>
>maybe you are right. What do I need is what I mentioned previously:
>3 ADSL fixed ip-address (public) must react as a single link, not possible. the
>internal (192.168..) lan being nat'ed to the first available one -
>no 'mandatory' pathway. And I really need some light as I am really
>blind on 'where' I can get advice. Any hint, url, will be of great help.
>

You won't find anything because nobody has anything like this working.

Look at it this way. Suppose you set up a box like you describe. The
interfaces are numbered:

outside:

(1) 205.205.2.4
(2) 45.67.2.4
(3) 64.3.2.1

inside:

192.168.1.1

The NAT process in the router will translate the traffic coming from the
inside to - what? Well, let's say that it translates it to 205.205.2.4

The NAT then routes the translated packet out - what? Well, the only
interface it can do it to is 1 - because interface 2 and 3 will only accept
packets from 45.67.2.4 and 64.3.2.1 respectively.

Now, the packet reaches its destination and a response is sent back to
205.205.2.4. Well, the INTERNET will route the response back to interface 1,
NOT interface 2 or 3.

Thus, if the NAT uses 205.205.2.4 as its translated IP number then ALL the
traffic will pass through interface 1. If it uses 45.67.2.4 as its
translated IP number then ALL the traffic will pass through 2, and so forth.

Your problem here is that when you're dreaming this scheme up you're only
looking at the Internet from the perspective of your own network - sending
traffic out to the Internet. You're forgetting that you must also look at
your own network from the perspective of the Internet.

You can control whatever interface you want to send all your traffic out
on - but you cannot control the interface that the Internet chooses to send
the response traffic back to - at least not without your own AS and without
running BGP.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
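
The return-path argument in the message above, as a small Python model. This is an added example, not part of the original e-mail; the interface numbers and public addresses are the ones used in the message, while the flows, port numbers and function names are constructed for illustration.

```python
from collections import Counter

# Outside interfaces and addresses exactly as numbered in the message.
OUTSIDE = {1: "205.205.2.4", 2: "45.67.2.4", 3: "64.3.2.1"}

def egress_accepts(iface, src_ip):
    """A link only carries packets sourced from its own public address."""
    return OUTSIDE.get(iface) == src_ip

def return_iface(dst_ip):
    """The Internet picks the return link by destination address alone."""
    return next((i for i, ip in OUTSIDE.items() if ip == dst_ip), None)

def simulate(nat_ip, flows, out_iface=None):
    """Translate each inside flow to nat_ip and count packets per link.

    flows: list of (inside_ip, inside_port, remote_ip) tuples (constructed).
    out_iface: force an egress link; default is the link that owns nat_ip.
    """
    sent, received, dropped, delivered = Counter(), Counter(), 0, []
    nat_table = {}
    for n, (in_ip, in_port, remote) in enumerate(flows):
        nat_port = 40000 + n                      # constructed port mapping
        nat_table[(nat_ip, nat_port)] = (in_ip, in_port)
        iface = out_iface if out_iface is not None else return_iface(nat_ip)
        if not egress_accepts(iface, nat_ip):
            dropped += 1                          # wrong source for this link
            continue
        sent[iface] += 1
        back = return_iface(nat_ip)               # reply is addressed to nat_ip
        received[back] += 1
        delivered.append(nat_table[(nat_ip, nat_port)])
    return {"sent": dict(sent), "received": dict(received),
            "dropped": dropped, "delivered": delivered}

# Constructed sample flows from the inside 192.168.1.0/24 LAN.
FLOWS = [("192.168.1.10", 1025, "198.51.100.7"),
         ("192.168.1.11", 1026, "198.51.100.8"),
         ("192.168.1.12", 1027, "203.0.113.9")]

if __name__ == "__main__":
    for ip in OUTSIDE.values():
        print(ip, simulate(ip, FLOWS))
    print("forced out link 2:", simulate("205.205.2.4", FLOWS, out_iface=2))
```

Whichever single address the NAT translates to, both directions of every flow land on the link that owns it; forcing the translated packets out a different link drops them all.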