From: Julian Elischer
Date: Fri, 12 Aug 2005 11:58:16 -0700
To: Donatas
Cc: freebsd-net@freebsd.org
Subject: Re: routing problem (with corrected scheme)

Donatas wrote:

> hello,
> I am sorry for a previous diagram that got wrapped.
> If someone could take a look at the picture explaining the problem, I would be thankful.
> ftp://temp:temp@217.9.241.242/routing_problem.jpg - 136Kbytes.
> Short description of a problem: I can't find a way to divert or route inbound traffic to specified ip(vlan) in IP level.
>

Do the users have to have real IP addresses or can they have NAT'd addresses?
In other words, do they have INCOMING sessions or just outgoing sessions?
If the latter then you could put a NATD on each of the vlan interfaces on the user router, so that the return packets will automatically go back to the vlan from which they came.

Why do you need DIFFERENT VLANS between the two routers for data that will eventually go to different places? Why can't that decision be made on the core router? Is it just so you can shape traffic between the two routers? Why not do the shaping on the core router?

Actually you should be able to do it with ipfw's 'fwd' rule without NAT.

    ipfw add 1000 fwd ip4 ip from any to ${USER_NETWORK} in recv em0
    ipfw add 1001 fwd ip3 ip from any to ${USER_NETWORK} in recv em1