Date: Mon, 24 May 2004 15:08:00 -0700
From: "J.T. Davies" <jtd@hostthecoast.org>
To: <freebsd-ipfw@freebsd.org>
Subject: RE: ISP redundancy and with IPFW
Message-ID: <000101c441db$a384f720$90e6d2d1@Jay>
In-Reply-To: <BAY7-F31ZmZ4JlmSFWh000125d4@hotmail.com>
Hi Simon,

From another IPFW newbie (myself), I solved it with the following:

The two router computers would use NATD to redirect the port traffic inside.

On the webserver (if you're fortunate enough to have FreeBSD on that, which I did), I also enabled IPFW and used two rules: the first would route traffic back to the .1 router if it came from that router. The second would be the same, but direct to .2. I think I used the forward action with IPFW. (Forward to .1 if the traffic came from .1, forward to .2 if the traffic came from .2.)

I don't have that configuration anymore to share, but it worked rather well. It may not have been the best solution (aside from installing another port), but it did work well!

J.T.

-----Original Message-----
From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Simon Chang
Sent: Monday, May 24, 2004 6:31 AM
To: freebsd-ipfw@freebsd.org
Subject: ISP redundancy and with IPFW

Hello all,

IPFW newbie question.

I am lucky enough to have 2 ADSL connections with 6 static addresses on each router. I have a web server that needs to be always available from the internet for our road warriors. What I would like to do is give this web server a private address, say 10.0.0.1, and put it behind a FreeBSD/IPFW firewall. I would then like to NAT this private address to a public address from each ISP's range. Say 100.1.1.2 for ISP1 (the ISP router address is 100.1.1.1) and 200.2.2.2 for ISP2 (the ISP router address is 200.2.2.1).

This would mean that our road warriors could type into their browsers either http://100.1.1.2 or http://200.2.2.2 and arrive at the web server.

The problem I'm not sure about is how to configure the return routing of the packets (I don't think I can use a default router on the firewall).

Say for example ISP1 was down - 100.1.1.2 does not work, so the user types 200.2.2.2. The packet arrives at the firewall, is natted to 10.0.0.1 and sent to the web server. The return packet is returned to the firewall, where the source is "un-natted" to 200.2.2.2 (destination could be anything); how do I specify a rule that says for this source address (in ISP2's network) send the packet to ISP2's router (200.2.2.1)?

Obviously I cannot route by destination address as this could be anything (for the return packets).

Is this possible with IPFW and NAT together? Has anyone a similar rule set that they could send me?

Cheers,
Simon Chang.
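An added example, not taken from either message in this thread, of the rule set Simon asks for: one FreeBSD/IPFW box, one natd instance per ISP, and the reply policy-routed to the right ISP router with the ipfw forward action keyed on its un-natted source address. The addresses are the ones from the question; the interface names em0/em1/em2, the natd ports 8668/8669, the rule numbers and the kernel/sysctl requirements are assumptions.

```sh
#!/bin/sh
# Constructed example: web server 10.0.0.1 behind one FreeBSD/IPFW firewall,
# ISP1 100.1.1.2 (router 100.1.1.1) on em0, ISP2 200.2.2.2 (router 200.2.2.1)
# on em1, LAN on em2. Assumes a kernel built with IPFIREWALL_FORWARD and that
# packets coming back from natd continue at the next rule (one_pass=0).
WEB=10.0.0.1
LAN_IF=em2

# natd_cmd IF PUBLIC PORT: one natd per ISP interface. -redirect_address maps the
# public address to the web server and aliases the server's replies back to it.
natd_cmd() {
    echo "natd -p $3 -n $1 -redirect_address $WEB $2"
}

# isp_rules IDX IF PUBLIC GATEWAY NATD_PORT: rules for one ISP.
# The request is de-natted by that ISP's natd, and keep-state on the skipto
# remembers which ISP section handled it. Every later packet of the session
# (check-state at rule 100) therefore lands in the same section, so the reply
# is re-natted by the same natd instance (source becomes that ISP's public
# address) and then handed to that ISP's router with fwd, whatever the default
# route says. ISP1 uses 1000-1540, ISP2 uses 2000-2540.
isp_rules() {
    idx=$1; ifc=$2; pub=$3; gw=$4; port=$5
    in_base=$((idx * 1000)); st=$((in_base + 500))
    echo "add $in_base divert $port ip from any to $pub in via $ifc"
    echo "add $((in_base + 10)) skipto $st ip from any to $WEB in via $ifc keep-state"
    # request after NAT, then on its way to the LAN
    echo "add $st allow ip from any to $WEB in via $ifc"
    echo "add $((st + 10)) allow ip from any to $WEB out via $LAN_IF"
    # reply from the LAN; natd restores $pub as source; fwd overrides routing
    echo "add $((st + 20)) allow ip from $WEB to any in via $LAN_IF"
    echo "add $((st + 30)) divert $port ip from $WEB to any out"
    echo "add $((st + 40)) fwd $gw ip from $pub to any out"
}

# Whole rule set in the form 'ipfw -q /path/to/file' reads; check-state comes
# first so replies jump straight into their ISP's section.
all_rules() {
    echo "add 100 check-state"
    isp_rules 1 em0 100.1.1.2 100.1.1.1 8668
    isp_rules 2 em1 200.2.2.2 200.2.2.1 8669
    echo "add 65000 deny ip from any to any"
}

natd_cmd em0 100.1.1.2 8668
natd_cmd em1 200.2.2.2 8669
all_rules
```

Run on the firewall, the two natd lines start the NAT daemons and the rest is fed to ipfw; anything else the site needs (DNS, SSH, the firewall's own traffic) must be added above the final deny.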