From: avn
Date: Wed, 28 Feb 2001 13:10:50 +0300 (MSK)
Subject: natd/ipfw or something else?
Sender: owner-freebsd-net@FreeBSD.ORG

Hello there!

I need to set up the following network:

net A --+
        |                     ------> ISP 1
        v                    /
      (if1)GATEWAY(if2)------> ISP 2
        ^           ^        \
        |           |         ------> ISP n
net B --+           |
net C---------------+
....

While net A has normal network addresses, nets B and C have local addresses
(like 10.0.0.0/8) and thus should be diverted on the GATEWAY. The gateway has
two network interfaces, and nets may be attached to both of them. It should be
possible to configure routing to specify which ISP each net is using, e.g.
nets A and B should use ISP 1, while net C should use ISP 2.

I suppose the following:

* having a natd running for each ISP we have
* each natd is configured to use the alias which is appropriate for the given
  ISP (alias1, alias2)
* allocate different ports for each ISP (as far as I understand, this is
  required by natd) (designated below as port1, port2 etc.)
* the following rules in the firewall

------------------------------------------------------------
fwd ISP1 all from (alias1) to any
fwd ISP2 all from (alias2) to any
...
divert (port1) all from (net B) to any via (if1)
divert (port1) all from any to (alias1) via (if2)
divert (port2) all from (net C) to any via (if2)
divert (port2) all from any to (alias2) via (if2)
...
------------------------------------------------------------

Will this work? Am I missing something, or maybe there is a less ugly way of
setting this up?

Regards,
Alexey.