From: "Simon Chang" <agentflicker@hotmail.com>
To: freebsd-ipfw@freebsd.org
Date: Mon, 24 May 2004 15:31:13 +0200
Subject: ISP redundancy and with IPFW
List-Id: IPFW Technical Discussions

Hello all,

IPFW newbie question. I am lucky enough to have 2 ADSL connections with 6 static addresses on each router. I have a web server that needs to be always available from the internet for our road warriors. What I would like to do is give this web server a private address, say 10.0.0.1, and put it behind a FreeBSD/IPFW firewall. I would then like to NAT this private address to a public address from each ISP's range.
Say 100.1.1.2 for ISP1 (the ISP router address is 100.1.1.1) and 200.2.2.2 for ISP2 (the ISP router address is 200.2.2.1). This would mean that our road warriors could type either http://100.1.1.2 or http://200.2.2.2 into their browsers and arrive at the web server.

The problem I'm not sure about is how to configure the return routing of the packets (I don't think I can use a default router on the firewall). Say for example ISP1 was down: 100.1.1.2 does not work, so the user types 200.2.2.2. The packet arrives at the firewall, is NATted to 10.0.0.1 and sent to the web server. The return packet is returned to the firewall, where the source is "un-NATted" to 200.2.2.2 (the destination could be anything). How do I specify a rule that says "for this source address (in ISP2's network), send the packet to ISP2's router (200.2.2.1)"? Obviously I cannot route by destination address, as this could be anything (for the return packets).

Is this possible with IPFW and NAT together? Has anyone a similar rule set that they could send me?

Cheers,
Simon Chang.
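One way to express the source-based return routing the post asks about, as an added example that is not from the original message or from any reply on the list: ipfw `fwd` rules keyed on the already-NATted source address, with natd holding a static mapping for each ISP. It assumes the interface names ed0/ed1/ed2, a single natd instance for both ISPs, and a kernel built with IPFIREWALL, IPFIREWALL_FORWARD and IPDIVERT; how `fwd` behaves when the next hop is on another interface should be checked against ipfw(8) for the FreeBSD version in use.

```shell
#!/bin/sh
# Added example, not from the original post: one internal web server reachable
# on a public address from each of two ISPs, with replies returned to the
# router of whichever ISP the client used. Assumed interface names: ISP1 on
# ed0, ISP2 on ed1, LAN on ed2. Assumes IPFIREWALL, IPFIREWALL_FORWARD and
# IPDIVERT in the kernel and the public addresses on the ISP-facing interfaces.

ISP1_IF=ed0; ISP1_GW=100.1.1.1; ISP1_PUB=100.1.1.2
ISP2_IF=ed1; ISP2_GW=200.2.2.1; ISP2_PUB=200.2.2.2
LAN_IF=ed2;  WEB=10.0.0.1;      NATD_PORT=8668

# One natd instance holds both static mappings (assumption: a single natd,
# not one per ISP). A connection that arrived for 200.2.2.2 creates a state
# entry, so its replies are un-NATted to 200.2.2.2 whichever way they leave.
natd_cmd() {
    echo natd -p $NATD_PORT -n $ISP1_IF \
        -redirect_address $WEB $ISP1_PUB \
        -redirect_address $WEB $ISP2_PUB
}

# Emit the ruleset through $1: "echo" for a dry run, "ipfw" to load it.
fw_rules() {
    fw="${1:-echo}"
    $fw -f flush
    $fw add 10 allow ip from any to any via lo0
    # NAT in both directions on both ISP interfaces, same natd.
    $fw add 100 divert $NATD_PORT ip from any to any via $ISP1_IF
    $fw add 110 divert $NATD_PORT ip from any to any via $ISP2_IF
    # Return routing by SOURCE address, the rule the question asks for: natd
    # has already rewritten the reply's source to a public address, so hand
    # it to that ISP's router instead of following the default route.
    $fw add 200 fwd $ISP1_GW ip from $ISP1_PUB to any out
    $fw add 210 fwd $ISP2_GW ip from $ISP2_PUB to any out
    # Trust the LAN side; from the ISPs admit only port 80 to the server
    # (dst is already 10.0.0.1 here, the divert rules ran first) and replies.
    $fw add 300 allow ip from any to any via $LAN_IF
    $fw add 310 allow tcp from any to $WEB 80 in
    $fw add 320 allow tcp from any to any established
    $fw add 65000 deny log ip from any to any
}

if [ "${1:-}" = "apply" ]; then
    $(natd_cmd) && fw_rules ipfw
else
    natd_cmd; fw_rules echo     # dry run: print what would be loaded
fi
```

Run the script with no argument to review the generated natd command and ipfw rules; run it as `sh script.sh apply` on the firewall to start natd and load them.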