Date:      Fri, 7 Nov 2003 06:51:56 -0800
From:      "Drew Tomlinson" <drew@mykitchentable.net>
To:        "Milan Obuch" <milan.obuch@bluegrass.sk>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Routing With Two ISPs?
Message-ID:  <011601c3a53e$b0d3c5d0$0301a8c0@bigdaddy>
References:  <022501c3a491$e46bf780$6e2a6ba5@lc.ca.gov> <200311070833.36482.milan.obuch@bluegrass.sk>

----- Original Message -----
From: "Milan Obuch" <milan.obuch@bluegrass.sk>
Sent: Thursday, November 06, 2003 11:33 PM


> On Thursday 06 November 2003 19:14, Drew Tomlinson wrote:
> > I have a 4.8 box serving as a gateway with two connections to the
> > Internet.  Is there some way to set the box up so that packets are
> > routed out through the same interface from which they arrived?  For
> > example, if a connection is initiated on port 80 from a packet arriving
> > on one interface, is there a way to make the outgoing packets from my
> > web server use that same interface as a gateway instead of the default
> > interface?
> >
>
> Hi, Drew,
> there is no standard way to do this, however, if your box is just a
> multihomed host, then it is possible with ipfw. Anyway, one connection is
> preferred being default gateway, the second one could be routed with
>
> ipfw add fwd <ip of the other side> ip from <ip of my side> to any
>
> which works this way:
> My second connection is from world to my ip, and if packet is locally
> generated with my ip, send it to the other side regardless whether routing
> table shows there or not.

Thank you for your reply.  I have tried using the 'fwd' option of ipfw but
it doesn't work in my situation.  I suspect it has something to do with NAT.
Maybe you can see what I'm missing or a better way to do it?

My situation is this:  I have a DSL connection to my home and my neighbor
has a cable connection in his.  His cable modem is connected to a Linksys
Wireless AP/Router and he has graciously allowed me to use his link.  So
here is a diagram of our networks:

         Internet
             |
         Public IP
             |
       ADSL Modem/Router
        192.168.10.1
             |
            dc0
        192.168.10.2
             |
         FBSD 4.8 --------- rl0
             |         192.168.100.2
            dc1              |
             |         192.168.100.1
        192.168.1.2    Neighbor's AP
             |               |
        Internal LAN     Public IP
                            |
                         Internet

A limitation of the Linksys AP NAT implementation is that it will only
forward packets to nodes on its own subnet.  So in this case it will only
forward packets from the Internet to 192.168.100.0/24.  However, I would like
to have packets forwarded to nodes on 192.168.1.0/24, specifically traffic
on port 8080 forwarded to 192.168.1.3.

So I tell the Linksys AP to forward to 192.168.100.2.  At first I tried an
'ipfw fwd' rule to then forward that traffic to 192.168.1.3.  The rule
worked but the traffic arrived with a destination address of 192.168.100.2
and thus the 192.168.1.3 node ignored the traffic.

Next, I started natd with a 'redirect' rule on 192.168.100.2.  This rewrites
the destination address to 192.168.1.3 and initiates the connection.
However, the connection doesn't complete because the default route on the
FBSD gateway is 192.168.10.1 (my DSL connection) so the acks never reached
the client.

To solve this, I tried adding an 'ipfw fwd' rule to send the traffic out
192.168.100.1 but that didn't work.  I could see the packets going out
192.168.100.2 but I have no way to know what the Linksys did with them.  I
suspect this has to do with NAT being performed twice, once on my gateway
and again on the Linksys?  I tried forwarding the packet to 192.168.100.2
but that didn't work either.

As a further test, if I define the IP address (1.2.3.4 for example) of the
machine requesting service on port 8080 to the route table (route add
1.2.3.4 192.168.100.1), then the connection gets established and traffic
flows between the machines.  Unfortunately it is not practical to make
static routes for each machine that may connect, especially with dynamic
IPs.

> But I know no way to distinguish packets coming from internal net if
> they should go one way or the other, if requests can come from both links.
> If you know exactly which netblocks could send request one or the other
> side, then you can just use routing entries, but I feel this to be
> cumbersome to maintain if possible ever to track changes...

Agreed.  So do you have any ideas on how I could get things working the way
I'd like?

Thanks,

Drew
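The failure Drew describes (the redirected request comes in on rl0, the reply is NATed back to 192.168.100.2 but leaves by the default route on dc0, so the client never sees it) and the two remedies discussed in the thread (a per-client host route, and keeping per-flow state so a reply goes out the interface its request arrived on) can be modelled without a FreeBSD box. The following is an added example written for this archive page, not code from either poster or from ipfw/natd: the interface names, addresses and the port-8080 forward are taken from the diagram, while the routing table, the redirect map, the connection table and the `policy_routing` flag are an assumed, simplified model of a stateful firewall.

```python
"""Model of the two-uplink gateway in the thread above.

Constructed example: the interface names, addresses and the port-8080
forward come from the diagram; the routing table, NAT redirect, connection
table and the "send the reply out the interface the request arrived on"
rule are an assumed, simplified model of a stateful firewall, not ipfw or
natd source code.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass
class Route:
    prefix: str   # "0.0.0.0/0" is the default route
    gateway: str
    iface: str


class Gateway:
    # Next hop on each uplink, as in the diagram: DSL on dc0, neighbour's AP on rl0.
    UPLINKS = {"dc0": "192.168.10.1", "rl0": "192.168.100.1"}

    def __init__(self, policy_routing=False):
        self.policy_routing = policy_routing
        # Only the default route matters here; it points at the DSL side.
        self.routes = [Route("0.0.0.0/0", "192.168.10.1", "dc0")]
        # natd redirect: what arrives for 192.168.100.2:8080 goes to 192.168.1.3:8080
        self.redirect = {("192.168.100.2", 8080): ("192.168.1.3", 8080)}
        self.reverse = {v: k for k, v in self.redirect.items()}
        # Connection table: (client, cport, server, sport) -> ingress interface
        self.conntrack = {}

    def lookup(self, dst):
        """Plain longest-prefix match over the routing table."""
        addr = ipaddress.ip_address(dst)
        nets = {r.prefix: ipaddress.ip_network(r.prefix, strict=False) for r in self.routes}
        matches = [r for r in self.routes if addr in nets[r.prefix]]
        return max(matches, key=lambda r: nets[r.prefix].prefixlen)

    def inbound(self, iface, pkt):
        """A request arriving on an uplink: apply the redirect and remember
        which interface the flow entered on."""
        dst, dport = self.redirect.get((pkt.dst, pkt.dport), (pkt.dst, pkt.dport))
        fwd = Packet(pkt.src, dst, pkt.sport, dport)
        self.conntrack[(fwd.src, fwd.sport, fwd.dst, fwd.dport)] = iface
        return fwd

    def outbound(self, pkt):
        """A reply from the LAN server: undo the redirect on the source address,
        then choose the egress. Returns (iface, next_hop, packet_as_sent)."""
        src, sport = self.reverse.get((pkt.src, pkt.sport), (pkt.src, pkt.sport))
        reply = Packet(src, pkt.dst, sport, pkt.dport)
        ingress = self.conntrack.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if self.policy_routing and ingress in self.UPLINKS:
            # Stateful policy routing: the reply leaves where the request came
            # in, whatever the routing table says.
            return ingress, self.UPLINKS[ingress], reply
        route = self.lookup(reply.dst)
        return route.iface, route.gateway, reply


def reply_path(client="1.2.3.4", policy_routing=False, host_route=False):
    """Push one request through the neighbour's link and report where the
    reply leaves the gateway: (egress_iface, next_hop, reply_source)."""
    gw = Gateway(policy_routing)
    if host_route:
        # The workaround tested in the post: route add <client> 192.168.100.1
        gw.routes.append(Route(f"{client}/32", "192.168.100.1", "rl0"))
    request = Packet(client, "192.168.100.2", 40000, 8080)
    delivered = gw.inbound("rl0", request)
    assert delivered.dst == "192.168.1.3"          # redirect applied
    answer = Packet("192.168.1.3", client, 8080, 40000)
    iface, hop, reply = gw.outbound(answer)
    return iface, hop, reply.src


if __name__ == "__main__":
    print("default route only:   ", reply_path())
    print("static host route:    ", reply_path(host_route=True))
    print("policy routing:       ", reply_path(policy_routing=True))
    print("policy, other client: ", reply_path(client="5.6.7.8", policy_routing=True))
```

With only the default route the reply leaves dc0 towards 192.168.10.1 carrying the source address 192.168.100.2, an address that belongs to the other uplink, which is exactly the asymmetric path on which the acks are lost. The host route fixes one client at a time, as the post notes, whereas recording the ingress interface per flow fixes every client without touching the routing table; this is the mechanism later FreeBSD releases expose as pf's `reply-to`.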
