Date: Sat, 6 Sep 2003 00:10:36 -0700
From: -kevin-
To: freebsd-questions@freebsd.org
Message-ID: <20030906071036.GE24191@salinger.birdbrain.net>
User-Agent: Mutt/1.4.1i
Subject: triple NIC route challenge

(Please respond directly, as I am not on this list.)

I have 3 NICs in a single machine. Shaped something like this:

             |-------------------|
ISP1 -------|DHCP               |
            |                   |------ Internal Network
ISP2 -------|PPPoE              |
             |-------------------|

ISP2 is the new thing.
Currently, all my traffic goes out to ISP1 thanks to the same old ipnat rule. If I set up a route for a range of addresses, they will take ISP2 out and be very happy.

The problem is inbound. When I ping via ISP1 it works beautifully. But when I ping via ISP2, I don't get a response. I believe the echorep packet is lost because it is being routed according to the existing rules, which don't give the machine a clue about ISP2. If I add a route to the pinging host which uses ISP2, then the pinging starts working there, but, you guessed it, the ping via ISP1 stops working.

- How can I have the outbound route set up based upon the inbound request?
- Furthermore, how can I have that new route only affect that connection?

Bonus Question:

- How do I configure ipnat such that outbound traffic from my Internal Network is split between the two external interfaces? Yes, I know I can route it based on the origin machine on the Internal Network, and I know that I can set up the rules such that all traffic goes to a single external interface and when that interface is down, it will fail over to the secondary. What I want is outbound load balancing with failover capability.

My "ifconfig -a":

rl0: flags=8843 mtu 1500
        inet 12.235.49.181 netmask 0xffffff80 broadcast 255.255.255.255
        ether 00:01:0a:10:8c:74
        media: Ethernet autoselect (100baseTX )
        status: active
dc0: flags=8843 mtu 1500
        inet 192.168.177.1 netmask 0xffffff00 broadcast 192.168.177.255
        ether 00:80:c6:f9:2a:d0
        media: Ethernet autoselect (100baseTX )
        status: active
rl1: flags=8843 mtu 1500
        ether 00:40:05:83:11:75
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051 mtu 1492
        inet 68.122.3.211 --> 10.1.1.1 netmask 0xffffff00
        Opened by PID 1213

My "ipnat.rules":

map rl0 192.168.177.0/24 -> 0/32

--
-* -kevin- *-
-* sick with the good infection *-
-* kathey@pobox.com *-
-* http://www.pobox.com/~kathey *-
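The asymmetric-reply problem the poster describes (echo request arrives over ISP2, echo reply leaves over ISP1 because the forwarding table only looks at the destination) is easy to see in a small model. The following is an added illustration, not code from the original mail or from FreeBSD; it models the box's forwarding table with the interface names and addresses from the poster's ifconfig output, while the remote pinging host (198.51.100.7) and the policy-routing rule are constructed for the example. It also reproduces the second observation: a host route for the pinger via tun0 fixes ISP2 pings but breaks ISP1 pings, whereas selecting the uplink by the reply's source address fixes both.

```python
"""Destination-only routing vs. source-based policy routing for replies.

Added example. Interface names and local addresses come from the poster's
ifconfig output; the remote host address and the policy table are constructed.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str


# Forwarding table as the box has it today: one default via ISP1 (rl0),
# plus the connected networks. tun0 is the PPPoE link to ISP2.
FIB = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "rl0"),           # default via ISP1
    Route(ipaddress.ip_network("12.235.49.128/25"), "rl0"),    # ISP1 connected net
    Route(ipaddress.ip_network("192.168.177.0/24"), "dc0"),    # internal net
    Route(ipaddress.ip_network("10.1.1.1/32"), "tun0"),        # PPPoE peer
]

# Which uplink each of the box's own public addresses lives on (from ifconfig).
LOCAL_ADDR_IFACE = {"12.235.49.181": "rl0", "68.122.3.211": "tun0"}

PINGER = "198.51.100.7"  # constructed remote host (TEST-NET-2, not a real peer)

# An inbound echo request as seen by the box: where it came from, which
# local address it targeted, and which interface it physically arrived on.
REQ_VIA_ISP1 = {"src": PINGER, "dst": "12.235.49.181", "in_iface": "rl0"}
REQ_VIA_ISP2 = {"src": PINGER, "dst": "68.122.3.211", "in_iface": "tun0"}


def lookup(dst, table=FIB):
    """Classic longest-prefix match: only the destination address is consulted."""
    dst = ipaddress.ip_address(dst)
    best = None
    for r in table:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best.iface if best else None


def reply_iface_plain(request, table=FIB):
    """Reply is addressed to the request's source; the FIB decides the uplink."""
    return lookup(request["src"], table)


def reply_iface_policy(request, table=FIB):
    """Policy routing: the reply's source address is the request's destination;
    if that address belongs to an uplink, force the reply out that uplink."""
    return LOCAL_ADDR_IFACE.get(request["dst"], lookup(request["src"], table))


def is_symmetric(request, chooser, table=FIB):
    """True when the reply leaves on the interface the request arrived on."""
    return chooser(request, table) == request["in_iface"]


def host_route_workaround():
    """The poster's experiment: a host route for the pinger via tun0."""
    return FIB + [Route(ipaddress.ip_network(PINGER + "/32"), "tun0")]


if __name__ == "__main__":
    for name, req in (("via ISP1", REQ_VIA_ISP1), ("via ISP2", REQ_VIA_ISP2)):
        print(f"{name}: plain FIB reply -> {reply_iface_plain(req)},"
              f" with host route -> {reply_iface_plain(req, host_route_workaround())},"
              f" policy -> {reply_iface_policy(req)}")
```

Running the block prints one line per inbound path. With the plain table both replies leave via rl0, so the ISP2 ping is lost; with the extra host route both leave via tun0, so the ISP1 ping is lost instead; only the source-keyed choice keeps each reply on the interface its request arrived on, which is the behaviour the poster is asking how to configure.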