Date: Thu, 26 Oct 2000 19:37:07 -0400 From: "John Telford" <j.telford@sympatico.ca> To: <nick@rapidnet.com> Cc: <freebsd-net@FreeBSD.ORG> Subject: Multihomed natd, nics and default gateways continued. Message-ID: <002601c03fa5$a760da30$0100000a@johnny5>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0023_01C03F84.20308EA0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Nick,
You are wise in the ways of FreeBSD and routing. Could you take a moment =
and provide some tips on how I could expand on your help to John Prince =
?
I have a similar setup but would like it to behave slightly differently. =
My setup:
1 internal interface.
1 external interface doing natd, default gateway routing for the =
internal to an isp.
We have now brought in a second ISP and put a 3rd interface into the =
Freebsd box. I'd like to have a setup like this:
ISPA-----------interface A_fxp0
fxp2_NATD--interface C---------internal =
network 10.130.x.x
ISPB-----------interface b_fxp1 =20
I would like to have all internal -> external traffic route through =
ISPA. In the event that ISPA goes down then the ISPB connection should =
take over automatically with out the users noticing except that things =
are slower because ISPB is a slower connection. This means the default =
gateway would have to change on the fly and I can't seem to locate much =
information on how this can work.
Thanks in advance, John=20
=20
Nick wrote:
DATE: 10/25/2000 19:58:00
SUBJECT: RE: Multipath natd
n Wed, 25 Oct 2000, John Prince wrote:
> Hello..
> Is it possible (I have been trying)....
> I have noticed other requests, however there does not seem to be any =
answers..
>=20
> I have a firewall setup, IPFW and Natd, with 2 external interfaces, =
and a=20
> single internal.
> Each external interface is connected to a provider.
> Setup is as follows..
> External Internal.
> bbb.bbb.bbb.bbb ---------------
> |--------------- ccc.ccc.ccc.ccc
> aaa.aaa.aaa.aaa ---------------
> The internal network consists of 2 nets, 10.0.1.0 and 10.0.2.0
> What I want to do is route any traffic from the 10.0.1.0 network to =
the=20
> (bbb) external
> interface, and traffic from the 10.0.2.0 to the the (aaa) interface..
> Ipfw and Natd appear to function, as long as I specify a default =
route..
> I would like to do this all on a single machine, if possible..
> Any help would be greatly appreciated..
It`s possible. Run 2 differnet natd`s. Setup ipfw like so:
#Don;t Divert local traffic
ipfw add 50 allow ip from 10.0.1.0/24 to 10.0.2.0/24
ipfw add 51 allow ip from 10.0.2.0/24 to 10.0.1.0/24
#Dvert traffic from 1.0/24 out and in interface B
ipfw add 100 divert natd ip from 10.0.1.0/24 to any
ipfw add 101 divert natd ip from any to any in via $INTERFACE_B
#Divert traffic from 2.0/24 network in and out int a
ipfw add 200 divert natd2 ip from 10.0.2.0/24 to any
ipfw add 201 divert natd2 ip from any to any in via $INTERFACE_A
#Add routing for these natd`d addresses
ipfw add 1000 fwd $INTERFACE_B_NEXT_HOP ip from=20
$INTERFACE_B_ADDRESS to any
ipfw add 2000 fwd $INTERFACE_A_NEXT_HOP ip from=20
$INTERFACE_A_ADDRESS to any
#Leave on for testing until it works
ipfw add 3000 allow ip from any to any
Then after you do that setup the 2 different natd`s to listen on
different ports (default 8668) and another entry int
/etc/services:
natd2 8669/divert # Network Address Translation
Then run the nat`s seperately:
root# natd -p 8668 -a $INTERFACE_B_ADDRESS
root# natd -p 8669 -a $INTERFACE_A_ADDRESS
Nick Rogness
- Drive defensively. Buy a tank.
------=_NextPart_000_0023_01C03F84.20308EA0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4134.600" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2><FONT =
size=3D3>Nick,</FONT></FONT></DIV>
<DIV><FONT face=3DArial>You are wise in the ways of FreeBSD and =
routing.=20
Could you take a moment and provide some tips on how I could expand on =
your help=20
to John Prince ?</FONT></DIV>
<DIV><FONT face=3DArial>I have a similar setup but would like it to =
behave=20
slightly differently. My setup:</FONT></DIV>
<DIV><FONT face=3DArial>1 internal interface.</FONT></DIV>
<DIV><FONT face=3DArial>1 external interface doing =
natd, default gateway=20
routing for the internal to an isp.</FONT></DIV>
<DIV><FONT face=3DArial>We have now brought in a second ISP and put a =
3rd=20
interface into the Freebsd box. I'd like to have a setup like =
this:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>ISPA-----------interface =
A_fxp0</FONT></DIV>
<DIV><FONT face=3DArial=20
size=3D2> &nbs=
p;  =
; fxp2_NATD--interfa=
ce=20
C---------internal network 10.130.x.x</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>ISPB-----------interface=20
b_fxp1</FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I would like to have all internal -> =
external=20
traffic route through ISPA. In the event that ISPA goes down then the =
ISPB=20
connection should take over automatically with out the users noticing =
except=20
that things are slower because ISPB is a slower connection. This means =
the=20
default gateway would have to change on the fly and I can't seem to =
locate much=20
information on how this can work.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Thanks in =
advance, John </FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Nick wrote:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><FONT size=3D3>DATE:=20
10/25/2000 19:58:00<BR>SUBJECT: RE: Multipath=20
natd</FONT></FONT></DIV>
<DIV><FONT face=3DArial size=3D2> <FONT face=3DCOURIER>n Wed, 25 =
Oct 2000, John=20
Prince wrote:<BR><BR>> Hello..<BR>> Is it possible (I have been=20
trying)....<BR>> I have noticed other requests, however there does =
not seem=20
to be any answers..<BR>> <BR>> I have a firewall setup, IPFW and =
Natd,=20
with 2 external interfaces, and a <BR>> single internal.<BR>> Each =
external interface is connected to a provider.<BR>> Setup is as=20
follows..<BR>> External Internal.<BR>> bbb.bbb.bbb.bbb=20
---------------<BR>> |--------------- ccc.ccc.ccc.ccc<BR>> =
aaa.aaa.aaa.aaa=20
---------------<BR>> The internal network consists of 2 nets, =
10.0.1.0 and=20
10.0.2.0<BR>> What I want to do is route any traffic from the =
10.0.1.0=20
network to the <BR>> (bbb) external<BR>> interface, and traffic =
from the=20
10.0.2.0 to the the (aaa) interface..<BR>> Ipfw and Natd appear to =
function,=20
as long as I specify a default route..<BR>> I would like to do this =
all on a=20
single machine, if possible..<BR>> Any help would be greatly=20
appreciated..<BR><BR> It`s possible. Run 2 differnet natd`s. =
Setup=20
ipfw like so:<BR><BR> #Don;t Divert local traffic<BR> ipfw add 50 allow =
ip from=20
10.0.1.0/24 to 10.0.2.0/24<BR> ipfw add 51 allow ip from 10.0.2.0/24 to=20
10.0.1.0/24<BR><BR> #Dvert traffic from 1.0/24 out and in interface =
B<BR> ipfw=20
add 100 divert natd ip from 10.0.1.0/24 to any<BR> ipfw add 101 divert =
natd ip=20
from any to any in via $INTERFACE_B<BR><BR> #Divert traffic from 2.0/24 =
network=20
in and out int a<BR> ipfw add 200 divert natd2 ip from 10.0.2.0/24 to=20
any<BR> ipfw add 201 divert natd2 ip from any to any in via=20
$INTERFACE_A<BR><BR><BR> #Add routing for these natd`d addresses<BR> =
ipfw add=20
1000 fwd $INTERFACE_B_NEXT_HOP ip from <BR> $INTERFACE_B_ADDRESS to=20
any<BR><BR> ipfw add 2000 fwd $INTERFACE_A_NEXT_HOP ip from=20
<BR> $INTERFACE_A_ADDRESS to any<BR><BR> #Leave on for testing until it=20
works<BR> ipfw add 3000 allow ip from any to any<BR><BR> Then after you =
do that=20
setup the 2 different natd`s to listen on<BR> different ports (default =
8668) and=20
another entry=20
int<BR> /etc/services:<BR><BR> =
natd2 =20
8669/divert # Network Address Translation<BR><BR> Then run the nat`s=20
seperately:<BR><BR> root# natd -p 8668 -a $INTERFACE_B_ADDRESS<BR> =
root# natd=20
-p 8669 -a $INTERFACE_A_ADDRESS<BR><BR><BR><BR>Nick Rogness<BR>- Drive=20
defensively. Buy a tank.<BR></FONT></DIV></FONT></BODY></HTML>
------=_NextPart_000_0023_01C03F84.20308EA0--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002601c03fa5$a760da30$0100000a>