Date:      Fri, 21 Apr 2000 23:24:13 -0600 (CST)
From:      Ryan Thompson <ryan@sasknow.com>
To:        Charles Mauch <cpm@yoonax.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: My routes and gates are giving me headaches
Message-ID:  <Pine.BSF.4.21.0004212257460.18268-100000@ren.sasknow.com>
In-Reply-To: <NDBBJECCALJAGLIEMPKIAEKLCMAA.cpm@yoonax.net>

Charles Mauch wrote to freebsd-questions@FreeBSD.ORG:

> I'm trying to keep the incoming web and mail traffic isolated on its own
> physical link back to the internet (the isdn side), and push my LAN web
> browsing on the cable modem (since it's not business related anyway, and for
> surfing, it's much cheaper).  Besides, I can't host(business) web material
> on my cable modem without violating my AUP and raining down the wrath of the
> @home admins ;)
> 
> I'm trying to setup my LAN machines (10.0.0.x) to send all their data out
> through ep0 on my freebsd machine.  (ep0 is a cable modem)  The FreeBSD

A bit of terminology, here..  ep0 is a network interface (3COM card) that
is connected to a cable modem with UTP.  You didn't connect your cable
modem to a hub/switch, did you?


> machine itself has a default route going out fxp1.  (Which is ISDN ...
> (business))
> 
> Here are my important settings....  IP's changed to preserve the innocent ;)
>
> fxp1 = 206.154.19.195 / gateway 206.154.19.194 (default route)
> ep0 = 24.10.68.155 / gateway 24.10.68.1
> fxp0 = 10.0.0.2
> 
> natd -n fxp1 (natd running translating stuff out isdn side)
> 
> It seemed to me that the obvious solution would be so set my default gateway
> to the cable modem and let the other interface just do its thing with what
> traffic it gets.
> 
> Unfortunately, this doesn't work well.  My workstations get internet access,
> but it appears incoming traffic from fxp1 is responded to on ep0.  That's
> bad.

It's a little hard to piece together your problem without an explanation
of how the machines are configured (i.e, which computer has which
interface, and which machines are giving you the problem).  Diagrams
always help.

You want your workstations to have Internet access from 24.10.168.0/24?  
Or from 206?  You are correct to run natd on the external interface, but,
if you wish to enable natd for the 24 network (i.e, you wish to map local
10.0.0.0/8 addresses to public 24.0.0.0/8 addresses, you must run natd on
ep0).  Thus, to specify everything explicitly (not always necessary, but
sometimes helpful):

natd -n ep0 -u -redirect_address 10.0.0.3 24.10.68.155

Note that you can specify more than one redirect_address (by repeating the
-redirect_address command in a similar manner), but only the LAST internal
address specified will receive inbound packets from 24.10.68.155.

natd can be a tricky beast to the unwary, so keep the manpage handy :-)

On the machine(s) that will do web browsing across 24.0.0.0/8, try:

route delete default		# ***
route add default 24.10.68.1
route add -net 206.154.19.128/25 206.154.19.194

*** You may want to try `route flush` if you have been messing with the
    routes fairly heavily, leaving them in an unstable state.  You may
    even want to reboot to clear the memory and your own conscience ;-)

That will set up a default route through your cable modem, and direct all
traffic to the local 206' network through the other gateway.  Note, the
second line might require modification.  I've assumed a /25 network (i.e.,
range 128-254).  If your network is different (i.e, a /24), you'll need to
get the spec right to ensure proper broadcast and net.

Always run netstat -rn to check your routing tables against what they
should be.  Observe the MAC addresses and check against ifconfig -a to
verify that the routes are going through the correct interfaces.  
tcpdump(1) is also your friend.

This can be put in rc.conf for the next reboot:

defaultrouter="24.10.68.1"
static_routes="isdn"
route_isdn="-net 206.154.19.128/25 206.154.19.194"

If your setup is the reverse, or if you are trying to share IPs in a weird
way, you may want port based nat.  You MAY want to run a web proxy on your
24.0.0.0/8 machine.  Also, please forgive any errors in syntax.  This is 
all off the top of my head.

Different setups will probably be required depending on the role of the
machine(s) in question.  For instance, a machine that serves web requests
on port 80 AND browses, on two different networks, will require some
massaging of routes to ensure that the correct requests originate and
travel through the correct networks--port based NAT won't work in the
way you might expect.

If this doesn't appear to help, please reply with a specific explanation
of how your network is set up (i.e, which computers are connected to what,
and which addresses (internal and external) belong to each interface).  
Output of netstat -rn, ifconfig -a and any relevant configuration
information that you might not have already stated will help us.

- Ryan

-- 
  Ryan Thompson <ryan@sasknow.com>
  Systems Administrator, Accounts
  Phone: +1 (306) 664-1161

  SaskNow Technologies     http://www.sasknow.com
  #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2
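The routing plan in the reply above can be sanity-checked before it is typed into a live box. This is an added example, not code from the mail or from FreeBSD: it takes the addresses quoted in the thread, assumes subnet masks for the three interfaces (the mail never states them), confirms each gateway is on a directly connected subnet, and simulates the kernel's longest-prefix match so you can see which interface a given destination would leave on, as netstat -rn would show it.

```python
# Added example: check the routing plan from the reply with Python's ipaddress
# module. Addresses come from the thread; the prefix lengths are assumptions.
import ipaddress

# Assumed masks: fxp1 is a small /29 link subnet on the ISDN side (so the /25
# route below reaches the rest of that block), ep0 and fxp0 are /24.
INTERFACES = {
    "fxp1": ipaddress.ip_interface("206.154.19.195/29"),
    "ep0":  ipaddress.ip_interface("24.10.68.155/24"),
    "fxp0": ipaddress.ip_interface("10.0.0.2/24"),
}

# The two routes suggested in the reply: default via the cable gateway,
# the 206' network via the ISDN gateway.
ROUTES = [
    ("0.0.0.0/0", "24.10.68.1"),
    ("206.154.19.128/25", "206.154.19.194"),
]


def interface_for(address):
    """Name of the interface whose connected subnet contains address, or None."""
    ip = ipaddress.ip_address(address)
    for name, iface in INTERFACES.items():
        if ip in iface.network:
            return name
    return None


def check_routes(routes=ROUTES):
    """A gateway must be on a directly connected subnet or the route is unusable.
    Returns a list of human-readable problems (empty means the plan is sane)."""
    return [f"gateway {gw} for {net} is not on any connected subnet"
            for net, gw in routes if interface_for(gw) is None]


def next_hop(destination, routes=ROUTES):
    """Longest-prefix match like the kernel: returns (gateway, interface).
    A directly connected subnet is used unless a static route is more specific,
    and the gateway is None when the destination is directly reachable."""
    dest = ipaddress.ip_address(destination)
    best = None  # (prefixlen, gateway, interface)
    for name, iface in INTERFACES.items():
        if dest in iface.network and (best is None or iface.network.prefixlen >= best[0]):
            best = (iface.network.prefixlen, None, name)
    for net, gw in routes:
        network = ipaddress.ip_network(net)
        if dest in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gw, interface_for(gw))
    return None if best is None else (best[1], best[2])
```

Compare the results against the real table from netstat -rn: a destination that this simulation sends out ep0 but the box sends out fxp1 points at a missing or wrongly masked static route.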


