From owner-freebsd-net Fri Mar 2 0:38: 2 2001
Delivered-To: freebsd-net@freebsd.org
Date: Fri, 2 Mar 2001 11:37:19 +0300 (MSK)
From: "Alexey V. Neyman"
Subject: ipfw/natd or something else?
Sender: owner-freebsd-net@FreeBSD.ORG

Hello there!

[ please keep CC'ing me ]

I need to set up the following network:

net A --+
        |                      ------> ISP 1
        v                     /
     (if1)GATEWAY(if2)------> ISP 2
        ^          ^          \
        |          |           ------> ISP n
net B --+          |
net C--------------+
...

While net A has normal network addresses, nets B, C have local addresses (like 10.0.0.0/8) and thus should be diverted on a GATEWAY. The gateway has two network interfaces, and nets may be attached on both of them. It should be possible to configure routing to specify which ISP each net is using, e.g. nets A and B should use ISP 1, while net C should use ISP2.

I suppose the following:

* having a natd running for each ISP we have
* each natd is configured to use the alias which is appropriate for the given ISP (alias1, alias2)
* allocate different ports for each ISP (as far as I understand, this is required by natd) (designated below as port1, port2, etc.)
* the following rules in the firewall

------------------------------------------------------------
fwd ISP1 all from (alias1) to any
fwd ISP2 all from (alias2) to any
..
divert (port1) all from (net B) to any via (if1)
divert (port1) all from any to (alias1) via (if2)
divert (port2) all from (net C) to any via (if2)
divert (port2) all from any to (alias2) via (if2)
..
------------------------------------------------------------

Will this work? Am I missing something, or maybe there is a less ugly way of setting this up?

Regards,
Alexey.
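
An added example, not part of the original message: a shell script that prints one natd invocation per NATed net and a divert/fwd rule set for the topology described above. The interface name, addresses, divert ports and rule numbers are constructed; unlike the rules in the post, it diverts on the ISP-facing interface and numbers the fwd rules after the divert rules.

```shell
#!/bin/sh
# Constructed plan, one net per line (addresses are documentation/private
# ranges, the interface name is assumed):
#   net  divert-port-or-"-"  alias-or-"-"  ISP-next-hop
PLAN='203.0.113.0/24 - - 192.0.2.1
10.1.0.0/16 8668 192.0.2.10 192.0.2.1
10.2.0.0/16 8669 198.51.100.10 198.51.100.1'
OUT_IF=fxp1    # "if2" in the post: the interface facing the ISPs

# One natd per NATed net, each on its own divert port and alias address.
gen_natd() {
    while read -r net port alias gw; do
        [ "$port" = "-" ] || echo "natd -p $port -a $alias"
    done <<EOF
$PLAN
EOF
}

# Divert rules get low numbers, fwd rules higher ones: natd reinjects a
# translated packet at the rule after the divert rule that matched, so a
# fwd rule placed before the divert rules never sees the aliased source.
gen_ipfw() {
    n=1000
    while read -r net port alias gw; do
        [ "$port" = "-" ] && continue
        echo "ipfw add $n divert $port all from $net to any out via $OUT_IF"
        echo "ipfw add $((n + 10)) divert $port all from any to $alias in via $OUT_IF"
        n=$((n + 100))
    done <<EOF
$PLAN
EOF
    n=5000
    while read -r net port alias gw; do
        src=$alias
        [ "$port" = "-" ] && src=$net   # routable net: match its own source
        echo "ipfw add $n fwd $gw all from $src to any out via $OUT_IF"
        n=$((n + 100))
    done <<EOF
$PLAN
EOF
}

gen_natd
gen_ipfw
```

The script only prints the commands so the rule order can be reviewed before anything is loaded; the divert and fwd actions assume a kernel built with divert and firewall-forward support.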