From owner-freebsd-questions@FreeBSD.ORG Fri Jan 27 12:45:08 2006
From: "Unix-Solutions - Steven"
Delivered-To: freebsd-questions@FreeBSD.ORG
Date: Fri, 27 Jan 2006 13:44:46 +0100
Subject: Multiple natd + ipfw

Hi you guys,

I have a little problem with my natd or ipfw configuration.

Current situation:

ISP1 = Telenet (Belgium)
Speed: 20 mbit/s down & 1 mbit/s upload
We get our IP via DHCP

ISP2 = Versatel (Belgium)
Speed: 1 mbit/s down & 1 mbit/s upload
We have a range with static IPs
Versatel is our backup ISP because this line is very slow

Currently we are running on Telenet but we want to switch to Versatel when Telenet is down.

Config that works:

TELENET --> ROUTER
VERSATEL --> ROUTER
ROUTER --> INTERNAL NETWORK

RC.conf:

# 84.195.224.254 --> gateway of telenet
defaultrouter="84.195.224.254"
hostname="router.intranet.local"
ifconfig_fxp0="inet 192.168.2.254 netmask 255.255.255.0"
# VERSATEL
ifconfig_xl0="inet 62.166.141.36 netmask 255.255.255.248"
# TELENET
ifconfig_xl1="DHCP"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="xl1"
natd_flags="-f /etc/natd.conf"

IPFW.rules:

ipfw -f flush
ipfw add 00001 divert natd ip from any to any via xl1
ipfw add 00002 divert natd ip from any to 62.166.141.32/29 via xl0
ipfw add 00004 allow ip from any to any via lo0
ipfw add 00005 deny ip from any to 127.0.0.0/8
ipfw add 00006 deny ip from 127.0.0.0/8 to any
ipfw add 00007 allow ip from any to any

Now I want to add 192.168.2.253 as alias on the FXP0 and when a PC on my internal network sets his gateway to 192.168.2.253 I want that this PC takes the Versatel route.

How is this possible?

I'm currently following this manual => http://www.opennet.ru/base/net/freebsd_2x_natd.txt.html
I translated it with babelfish => http://pub.beenske.be/docs/dual-natd+ipfw.txt

Config files:

RC.conf:

# 84.195.224.254 --> gateway of telenet
defaultrouter="84.195.224.254"
hostname="router.intranet.local"
ifconfig_fxp0="inet 192.168.2.254 netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 192.168.2.253 netmask 255.255.255.255"
# VERSATEL
ifconfig_xl0="inet 62.166.141.36 netmask 255.255.255.248"
# TELENET
ifconfig_xl1="DHCP"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="xl1"
natd_flags="-f /etc/natd.conf"
natd2_enable="YES"
natd2_interface="62.166.141.36"
natd_flags="-f /etc/natd2.conf"

ipfw.rules:

ipfw -f flush
ipfw add 00001 divert natd ip from any to any via xl1
ipfw add 00002 divert natd ip from any to 62.166.141.32/29 via xl0
ipfw add 00003 divert 8669 ip from 192.168.2.253 to any via xl0
ipfw add 00004 allow ip from any to any via lo0
ipfw add 00005 deny ip from any to 127.0.0.0/8
ipfw add 00006 deny ip from 127.0.0.0/8 to any
ipfw add 00007 allow ip from any to any

natd.conf & natd2.conf:

redirect_port tcp 192.168.2.30:3389 3389
(a Windows PC that I want to access over RDP)

Can you please help me?

Greetz,
Steven Bens
CEO Unix-Solutions
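
A consistency check for a dual-natd setup like the one in the message above, added here as an example and not part of the original post: it flags rc.conf variables that are assigned twice and ipfw divert rules whose port has no natd listening. The function names are hypothetical, and the set of listening ports is an assumption (only the stock natd on its default port 8668).

```python
import re

NATD_DEFAULT_PORT = 8668  # the "natd" entry in /etc/services

# Constructed sample: natd lines of the second rc.conf and the divert rules above.
RC_CONF = """\
natd_enable="YES"
natd_interface="xl1"
natd_flags="-f /etc/natd.conf"
natd2_enable="YES"
natd2_interface="62.166.141.36"
natd_flags="-f /etc/natd2.conf"
"""
IPFW_RULES = """\
ipfw add 00001 divert natd ip from any to any via xl1
ipfw add 00002 divert natd ip from any to 62.166.141.32/29 via xl0
ipfw add 00003 divert 8669 ip from 192.168.2.253 to any via xl0
"""

def duplicate_rc_vars(rc_text):
    """rc.conf is sourced as sh, so a repeated variable keeps only its last value."""
    seen, dups = {}, {}
    for line in rc_text.splitlines():
        m = re.match(r'\s*([A-Za-z_]\w*)=(.*)', line)
        if not m:
            continue  # comments and blank lines
        name, value = m.group(1), m.group(2).strip().strip('"')
        if name in seen:
            dups[name] = (seen[name], value)  # (overridden, effective)
        seen[name] = value
    return dups

def divert_ports(rules_text):
    """Map each divert port to the ipfw rule numbers that send packets to it."""
    ports = {}
    for line in rules_text.splitlines():
        m = re.search(r'\badd\s+(\d+)\s+divert\s+(\S+)', line)
        if m:
            port = NATD_DEFAULT_PORT if m.group(2) == "natd" else int(m.group(2))
            ports.setdefault(port, []).append(int(m.group(1)))
    return ports

def unserved_divert_ports(rules_text, listening):
    """Divert ports that no natd instance in `listening` is bound to."""
    return {p: r for p, r in divert_ports(rules_text).items() if p not in listening}

if __name__ == "__main__":
    print(duplicate_rc_vars(RC_CONF))
    # Assumption: only the stock natd on its default port is running.
    print(unserved_divert_ports(IPFW_RULES, {NATD_DEFAULT_PORT}))
```

ipfw drops packets diverted to a port that no socket is bound to, so an unserved divert port shows up as silently lost traffic for the hosts matched by that rule.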