Date: Thu, 18 Nov 2004 18:51:58 +0200
From: Edvard Fagerholm <efagerho@cc.hut.fi>
To: freebsd-questions@freebsd.org
Subject: Problem routing via two NICs to same subnet
Message-ID: <20041118165158.GA367979@cc.hut.fi>

Hello!

I'm building an interesting configuration and came up with some problems.
Me and my roommate both have our own 10mb internet connection through the
same ISP. The connection works over ethernet and IPs are assigned with DHCP
and everyone in the building receives IPs from the same subnet. I'm building
a firewall with NAT that would translate his internal IPs to the IP assigned
to the NIC connected to his connection and my internal IPs to my NIC's IP.

Basically we have:

    192.168.0.xxx-yyy      192.168.0.aaa-bbb

                 192.168.0.1
                     FW
      NIC1 80.221.x.a    NIC2 80.221.x.b

                 80.221.x.1
                     GW

To do the NAT, I simply use:

    nat on $my_nic from $my_ips to any -> ($my_nic)
    nat on $his_nic from $his_ips to any -> ($his_nic)

and to force outgoing packets to the right interfaces I use:

    pass in quick on $int_if route-to ($my_nic 80.221.x.1) from $my_ips to ! \
        192.168.0.1
    pass in quick on $int_if route-to ($his_nic 80.221.x.1) from $his_ips to ! \
        192.168.0.1

Now the problems. To get IPs I have to use DHCP. I use the wide
implementation, because that can handle multiple interfaces as opposed to
FreeBSD's. Of course after getting an address for the first interface, the
second interface can't set its address, because it gets an SIOCAIFADDR.
I fixed this by modifying the DHCP-client, so that it'll delete the
conflicting route before it is run for the second interface. This way both
interfaces can get an IP from the same subnet.

If I understand route-to correctly, then no routing whatsoever is done on
the packet and the only thing that needs to be done before sending the
packet is to look up the MAC address of the destination? Now 80.221.x.1
only gets assigned to one of the interfaces and I can only route data
through that interface. The packets put in the outbound queue of the other
interface never leave the firewall.

Any suggestions? Any way to assign the IPs manually, so that this would work?

Regards,
Edvard Fagerholm