From owner-freebsd-net@FreeBSD.ORG Sun May 11 18:25:34 2003
From:
To: freebsd-net@freebsd.org
Date: Sun, 11 May 2003 18:25:30 -0700
Subject: SOLVED re: mult public conn/mult private conn routing
Message-Id: <20030512012530.UAPE1385.lakecmmtao02.coxmail.com@lakecm2mtao02>

This has now been solved. Here's how, for anyone who might be put in such a situation in the future and need a hand like I did.

1. Add firewall and divert to kernel

   ...
   options IPFIREWALL
   options IPDIVERT
   ...

2. Configure rc.conf

   ...
   defaultrouter=""
   gateway_enable="YES"
   ifconfig_fxp0="inet netmask 255.255.255.192"
   ifconfig_fxp1="inet netmask 255.255.255.192"
   ifconfig_em0="inet netmask 255.255.255.0"
   ifconfig_em1="inet netmask 255.255.255.0"
   firewall_enable="YES"
   firewall_type="/etc/ipfw.conf"
   natd_enable="YES"
   natd_program="/usr/local/sbin/natdhack"
   ...

3. Configure /etc/ipfw.conf

   ...
   add 00100 divert 8668 ip from /24 to any
   add 00100 divert 8669 ip from /24 to any
   add 00200 divert 8668 ip from any to
   add 00200 divert 8669 ip from any to
   add 00300 fwd ip from to any
   ...

4. Configure natd_program

   # /usr/local/sbin/natdhack
   #!/bin/sh -
   #
   # Initialization script for multiple natd's
   /sbin/natd -m -s -p 8668 -alias_address ;
   /sbin/natd -m -s -p 8669 -alias_address ;

Many thx to David for repeatedly helping me. Without that help I am sure I would still not have this solved.

Steve Stremciuc

------------------ original question post

Hello,

I am having a problem with setting up a box I just built for the dedicated purpose of being a FreeBSD router. Below is a diagram describing my physical setup:

        ISP conn #1                   ISP conn #2
            |                             |
        68.x.x.x/26                   24.x.x.x/26
            |                             |
       fxp0 |                             | fxp1
        ------------------------------------------
       |                                          |
        ------------------------------------------
        em0 |                             | em1
            |                             |
     192.168.0.1/24                192.168.100.1/24

fxp0 is 3.2Mb/s down, 256Kb/s up and will be used by all normal hosts on em0.
fxp1 is 3.2Mb/s down, 450Kb/s up and will be used by servers on em1.

What I want to achieve is having all outbound traffic from em0 (192.168.0.1/24) use fxp0, and all outbound traffic from em1 (192.168.100.1/24) use fxp1. em0 and em1 should be able to talk to each other.

The problem is that since defaultrouter="68.x.x.x" is specified in /etc/rc.conf, all traffic gets routed out through fxp0. Also, since natd_interface="fxp0" is specified, all packets are nat'ed from either em0 or em1 through fxp0. Is it possible to have natd on both fxp0 *and* fxp1 (I tried putting both natd_interface="fxp0" and natd_interface="fxp1" in /etc/rc.conf but this did not work)? Once a packet gets routed to fxp1, it just times out since the default route is attached to only fxp0.

I've read up on routed and ipfw, but do not see a way to tell fxp0 to use defaultrouter A, and tell fxp1 to use defaultrouter B. Do I have to run a routing daemon for this? (examples/suggestions would be appreciated)

Any ideas?

Steve Stremciuc
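The solved configuration above is shown with its addresses stripped and its pass rules elided. As an added example, not the post's own configuration, here is a small POSIX shell generator that writes a complete /etc/ipfw.conf and the natdhack launcher for the same layout: two ISP links on fxp0/fxp1, two LANs on em0/em1, one natd per link on divert ports 8668 and 8669, and a fwd rule that hands the server LAN's traffic to the second ISP's gateway. Every address is a constructed placeholder from the RFC 5737 documentation ranges. The in recv / out xmit interface qualifiers, the anti-spoofing rules, the rules that protect LAN-to-LAN and LAN-to-router traffic from the fwd, and the final logged deny are mine and go beyond what the post shows. It assumes the alias address given to each natd is that interface's own address, and that the kernel was built with IPFIREWALL and without IPFIREWALL_DEFAULT_TO_ACCEPT, so every flow needs an explicit pass rule.

```shell
#!/bin/sh
# Added example (not from the post): generate the ipfw(8) rule file and the
# natd launcher for a FreeBSD router with two ISP links and two LANs.
# All addresses are constructed placeholders (RFC 5737 ranges); the real
# values belong in these variables, not in the rules.

LAN1_IF=em0;  LAN1_NET=192.168.0.0/24      # hosts that should exit via ISP #1
LAN2_IF=em1;  LAN2_NET=192.168.100.0/24    # servers that should exit via ISP #2
WAN1_IF=fxp0; WAN1_ALIAS=203.0.113.10; WAN1_GW=203.0.113.1    # placeholders
WAN2_IF=fxp1; WAN2_ALIAS=198.51.100.10; WAN2_GW=198.51.100.1  # placeholders
NATD1_PORT=8668; NATD2_PORT=8669
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Emit the file named by firewall_type="/etc/ipfw.conf" (one ipfw command per
# line, as in the post). Ordering is the whole point: fwd is evaluated on
# input, before routing, so it sees the untranslated private source; NAT
# happens on output and is selected by the exit interface; a packet natd
# hands back re-enters the list at the rule after the divert rule, so the
# deny rules numbered below the divert never see translated packets.
gen_ipfw_conf() {
    n=50
    # Anti-spoofing: private addresses never arrive from an ISP link, in
    # either direction. Placed before the inbound divert so that only packets
    # natd actually translated can reach the allow rules for the LANs.
    for wan in $WAN1_IF $WAN2_IF; do
        for net in $PRIVATE_NETS; do
            printf 'add %05d deny ip from %s to any in recv %s\n' "$n" "$net" "$wan"
            n=$((n + 1))
            printf 'add %05d deny ip from any to %s in recv %s\n' "$n" "$net" "$wan"
            n=$((n + 1))
        done
    done
    cat <<EOF
add 00100 allow ip from $LAN1_NET to $LAN2_NET
add 00101 allow ip from $LAN2_NET to $LAN1_NET
add 00102 allow ip from $LAN2_NET to me in recv $LAN2_IF
add 00110 allow ip from $LAN1_NET to any in recv $LAN1_IF
add 00200 fwd $WAN2_GW ip from $LAN2_NET to any in recv $LAN2_IF
add 00300 divert $NATD1_PORT ip from $LAN1_NET to any out xmit $WAN1_IF
add 00301 divert $NATD2_PORT ip from $LAN2_NET to any out xmit $WAN2_IF
add 00302 allow ip from $WAN1_ALIAS to any out xmit $WAN1_IF
add 00303 allow ip from $WAN2_ALIAS to any out xmit $WAN2_IF
add 00310 divert $NATD1_PORT ip from any to $WAN1_ALIAS in recv $WAN1_IF
add 00311 divert $NATD2_PORT ip from any to $WAN2_ALIAS in recv $WAN2_IF
add 00312 allow ip from any to $LAN1_NET in recv $WAN1_IF
add 00313 allow ip from any to $LAN2_NET in recv $WAN2_IF
add 00320 allow ip from any to $LAN1_NET out xmit $LAN1_IF
add 00321 allow ip from any to $LAN2_NET out xmit $LAN2_IF
add 00330 allow tcp from any to $WAN1_ALIAS in recv $WAN1_IF established
add 00331 allow tcp from any to $WAN2_ALIAS in recv $WAN2_IF established
add 00332 allow icmp from any to any icmptypes 0,3,11
add 65000 deny log ip from any to any
EOF
}

# Emit the launcher named by natd_program in rc.conf: one natd per ISP link,
# each on its own divert port and bound to that link's address, matching the
# shape of the post's natdhack script.
gen_natd_script() {
    cat <<EOF
#!/bin/sh -
# Start one natd per ISP link (generated; placeholder addresses)
/sbin/natd -m -s -p $NATD1_PORT -alias_address $WAN1_ALIAS
/sbin/natd -m -s -p $NATD2_PORT -alias_address $WAN2_ALIAS
EOF
}

# Stand-alone use: "sh gen-router-rules.sh ipfw" or "sh gen-router-rules.sh natd"
# (the script name is hypothetical).
case "${1:-}" in
    ipfw) gen_ipfw_conf ;;
    natd) gen_natd_script ;;
esac
```

Run it as `sh gen-router-rules.sh ipfw > /etc/ipfw.conf` and `sh gen-router-rules.sh natd > /usr/local/sbin/natdhack` (hypothetical script name), then review the output before enabling it. Two details are worth a second look: the fwd rule sits after the allows for LAN-to-LAN and LAN-to-router traffic, so neither is pushed to the ISP gateway; and natd passes untranslated inbound packets through unchanged, so it is rules 330 to 332 (established TCP, and only the ICMP types the router's own traffic needs), not natd, that decide what reaches the router itself from the outside.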