From owner-freebsd-questions@FreeBSD.ORG Fri Feb 18 10:04:06 2005
Message-ID: <4215BD9A.7070002@telus.net>
Date: Fri, 18 Feb 2005 02:04:10 -0800
From: Peter Kieser
To: freebsd-questions@freebsd.org
Subject: FreeBSD multi-homed w/ipnat

Hello,

I am unable to get ipnat working in a multi-homed FreeBSD system. Is there some special method that works? Because I've yet to find it.

What I am attempting to do is: I have 2 Internet connections (one is DSL and the other is cable), they are dc0 and dc1 respectively. I also have an interface facing my local LAN. I have two segments on my LAN, one is 192.168.1.0/24, and the other is 192.168.2.0/24. What I am attempting to do is have the DSL line (dc0) be used for one segment, and the cable (dc1) for the other segment. I am *not* attempting to load balance.

My current ifconfig produces the following:

dc0: flags=108843 mtu 1500
        options=8
        inet6 fe80::250:bfff:fead:886%dc0 prefixlen 64 scopeid 0x1
        inet 64.180.103.x netmask 0xfffffc00 broadcast 64.180.103.255
        ether 00:50:bf:ad:08:86
        media: Ethernet autoselect (10baseT/UTP)
        status: active
dc1: flags=108843 mtu 1500
        options=8
        inet6 fe80::250:bfff:fead:884%dc1 prefixlen 64 scopeid 0x2
        inet 70.68.27.x netmask 0xfffffc00 broadcast 255.255.255.255
        ether 00:50:bf:ad:08:84
        media: Ethernet autoselect (100baseTX )
        status: active
vr0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::211:d8ff:fe3d:564a%vr0 prefixlen 64 scopeid 0x3
        ether 00:11:d8:3d:56:4a
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4

The gateway for dc1 is 70.68.24.1, the gateway for dc0 is 64.180.100.254. I have managed to get both IP addresses working on the machine by adding the following ipf rules:

pass out quick on dc0 to dc1:70.68.24.1 from 70.68.27.x to any
pass out quick on dc1 to dc0:64.180.100.254 from 64.180.103.x to any

This makes sure that the packet is forwarded to the correct interface based on the source IP address. However, when I enabled these rules my NAT *fails* to forward packets to the internet. My ipnat configuration is as follows:

map dc0 192.168.1.0/24 -> 0/32
map dc1 192.168.2.0/24 -> 0/32

Am I missing something here?

--Peter
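
One way to combine the source-based routing above with the two map rules, as an added example that is not part of the original post: the choice of uplink is made on input from the LAN, where the packet still has its private source address. IPFilter runs outbound filter rules before NAT, so the post's `pass out ... from <public address>` rules never match forwarded LAN packets, and each `map` rule only applies on the interface the packet actually leaves by. Assumptions: both segments arrive on vr0, the default route points at the DSL gateway on dc0, and the `x` octets are replaced with the real addresses.

```conf
# ---- ipf rules (added example; interfaces and gateways as given in the post) ----

# Traffic between the two LAN segments, or to the router itself, must not be
# pushed out an uplink. Match it first and let normal routing handle it.
pass in quick on vr0 from 192.168.2.0/24 to 192.168.0.0/16

# Second segment: select the cable uplink while the source is still the
# private address. The packet is handed to dc1, where "map dc1" can match.
pass in quick on vr0 to dc1:70.68.24.1 from 192.168.2.0/24 to any

# First segment needs no "to" rule under the assumption that the default
# route already points at 64.180.100.254 via dc0, where "map dc0" matches.
pass in quick on vr0 from 192.168.1.0/24 to any

# The post's own rules, kept for packets the router itself originates from
# either public address (these do carry a public source before NAT).
pass out quick on dc0 to dc1:70.68.24.1 from 70.68.27.x to any
pass out quick on dc1 to dc0:64.180.100.254 from 64.180.103.x to any

# ---- ipnat rules (unchanged from the post) ----
# Each rule translates only packets leaving by the named interface;
# 0/32 means "use that interface's current address".
map dc0 192.168.1.0/24 -> 0/32
map dc1 192.168.2.0/24 -> 0/32
```

After loading, `ipnat -l` lists the active mappings, so a session from each segment should appear against the expected public address.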