From owner-freebsd-questions@FreeBSD.ORG Thu Nov 18 16:52:55 2004
Date: Thu, 18 Nov 2004 18:51:58 +0200
From: Edvard Fagerholm
To: freebsd-questions@freebsd.org
Message-ID: <20041118165158.GA367979@cc.hut.fi>
Subject: Problem routing via two NICs to same subnet

Hello! I'm building an interesting configuration and came up with some problems.
My roommate and I both have our own 10mb internet connection through the same ISP. The connection works over ethernet, IPs are assigned with DHCP, and everyone in the building receives IPs from the same subnet. I'm building a firewall with NAT that would translate his internal IPs to the IP assigned to the NIC connected to his connection, and my internal IPs to my NIC's IP. Basically we have:

    192.168.0.xxx-yyy        192.168.0.aaa-bbb
               \                  /
                192.168.0.1  (FW)
        NIC1 80.221.x.a      NIC2 80.221.x.b
               \                  /
                80.221.x.1  (GW)

To do the NAT, I simply use:

    nat on $my_nic from $my_ips to any -> ($my_nic)
    nat on $his_nic from $his_ips to any -> ($his_nic)

and to force outgoing packets to the right interfaces I use:

    pass in quick on $int_if route-to ($my_nic 80.221.x.1) from $my_ips to ! \
        192.168.0.1
    pass in quick on $int_if route-to ($his_nic 80.221.x.1) from $his_ips to ! \
        192.168.0.1

Now the problems. To get IPs I have to use DHCP. I use the WIDE implementation, because that can handle multiple interfaces as opposed to FreeBSD's. Of course, after getting an address for the first interface, the second interface can't set its address, because it gets an SIOCAIFADDR error. I fixed this by modifying the DHCP client so that it deletes the conflicting route before it is run for the second interface. This way both interfaces can get an IP from the same subnet.

If I understand route-to correctly, then no routing whatsoever is done on the packet and the only thing that needs to be done before sending the packet is to look up the MAC address of the destination? Now 80.221.x.1 only gets assigned to one of the interfaces and I can only route data through that interface. The packets put in the outbound queue of the other interface never leave the firewall.

Any suggestions? Any way to assign the IPs manually so that this would work?

Regards,
Edvard Fagerholm
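For readers arriving at this thread from a search, here is the complete pf.conf that the two nat rules and two route-to rules quoted above belong to, in the multi-uplink pattern described in the OpenBSD pf FAQ. This is an added illustration, not the poster's configuration and not a fix for the problem he reports: interface names (fxp0/fxp1/fxp2), the two internal ranges, and the gateway macro are assumptions, and 80.221.x.1 is kept as the placeholder the post uses. What it adds beyond the quoted rules is the reply-to counterpart for connections that arrive on an uplink, and a rule that keeps traffic to the firewall's own internal address under normal routing. It does nothing about the underlying issue in the post, which is that the kernel keeps a single connected route for the shared 80.221.x.0 subnet, so the ARP lookup that route-to still needs only succeeds on the interface that owns that route.

```pf
# Added example, not from the original post.  Interface names, internal
# ranges and the gateway value are assumptions; adjust to the real setup.
int_if  = "fxp0"           # internal LAN, 192.168.0.1
my_nic  = "fxp1"           # uplink 1, 80.221.x.a via DHCP
his_nic = "fxp2"           # uplink 2, 80.221.x.b via DHCP
gw      = "80.221.x.1"     # placeholder from the post; substitute the real gateway
my_ips  = "192.168.0.16/28"   # assumed range for "192.168.0.xxx-yyy"
his_ips = "192.168.0.32/28"   # assumed range for "192.168.0.aaa-bbb"

scrub in all

# Translation rules must precede filter rules.  Each internal range leaves
# through the address currently assigned to its own uplink; the parentheses
# make pf re-read the interface address when DHCP changes it.
nat on $my_nic  from $my_ips  to any -> ($my_nic)
nat on $his_nic from $his_ips to any -> ($his_nic)

pass quick on lo0 all

# Traffic for the firewall's own internal address is left to the routing
# table instead of being pushed out an uplink.
pass in quick on $int_if from { $my_ips, $his_ips } to ($int_if) keep state

# Policy routing: route-to bypasses the routing table and names the output
# interface and next hop directly.  The kernel still has to resolve $gw's
# MAC address on that interface, which is where the post's setup stalls on
# the second NIC.
pass in quick on $int_if route-to ($my_nic  $gw) from $my_ips  to any keep state
pass in quick on $int_if route-to ($his_nic $gw) from $his_ips to any keep state

# Connections that arrive on an uplink must answer through the same uplink;
# without reply-to the routing table would send both sets of replies out
# whichever NIC owns the default route.  ssh is an assumed example service.
pass in on $my_nic  reply-to ($my_nic  $gw) proto tcp from any to ($my_nic)  port ssh keep state
pass in on $his_nic reply-to ($his_nic $gw) proto tcp from any to ($his_nic) port ssh keep state

# Outbound state on both uplinks so replies to NATed connections are matched.
pass out on { $my_nic, $his_nic } keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; `pfctl -sr` and `pfctl -sn` show the loaded filter and translation rules, and `pfctl -ss` shows whether states are being created on both uplinks.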