From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 07:46:30 2005
Date: Tue, 28 Jun 2005 09:46:40 +0200
From: Jeremie Le Hen
To: Julian Elischer
Cc: net@freebsd.org
Subject: Re: Julian's networking challenge 2005
Message-ID: <20050628074640.GY1283@obiwan.tataz.chchile.org>
In-Reply-To: <42C0DB3B.6000606@elischer.org>
References: <42C0DB3B.6000606@elischer.org>
User-Agent: Mutt/1.5.9i
List-Id: Networking and TCP/IP with FreeBSD

Hi Julian,

> The challenge:
>
> figure out a way so that all the users on the network behind fxp0
> can use the internet using the T1 attached to the cisco off fxp1
> while all the advertised services (about 8 of them, few enough to
> list by hand in rules etc.) which are also behind fxp0 but accessed by
> NAT'd addresses from the addresses on fxp1's net are accessed solely via that
> T1.
>
> [...]
>
> I can get the 'forward' direction easily.. i.e. incoming packets.
>
> It's the reverse direction that doesn't work for me.
> I considered running 2 NATDs
> but I need to run ipfw to identify the reverse streams to force back via
> fxp2
> and the only way I can do that is by using the 'fwd' command.
> if I do that I can't divert them and if I divert them to natd first, I can't
> 'fwd' them afterwards as the NATing is already done for the other (wrong)
> interface.

You definitely want a non-terminal "fwd" command. Ari Suutari has just
implemented the "setnexthop" action that does the trick; I think the
patch [1] is waiting to be committed in -CURRENT. I don't think this
would be really difficult to backport to RELENG_4.

Hope this helps.

Regards,

[1] http://lists.freebsd.org/pipermail/freebsd-net/2005-June/007710.html

PS: I'm seeing more and more requests about routing limitations in
FreeBSD every day, such as lack of multiple routing tables support, lack
of source routing (as well as higher level protocol based routing). Are
there actually some projects that are being worked on to overcome this?

--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >