Date: Tue, 07 Oct 2008 00:04:24 +1030
From: Andrew D <andrewd@webzone.net.au>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: multihomed fbsd7 router with nat
Message-ID: <48EA13E0.9040600@webzone.net.au>
G'Day all,

Got a network that has 2 DSL connections. The 1st has cheap data and the 2nd is a more reliable provider. Basically all data goes out the first provider except some IPs which will use the second provider (just an ipfw fwd rule). If the cheap one goes offline data has to route out via the 2nd ISP, likewise if the 2nd does happen to go off then the fwd rule needs to be dropped. I have already solved this with an attached script (for suggestions and maybe to help others who may face this problem in the future).

Anyway I plan to put the 2 modems into bridge mode and use the ppp that comes with fbsd to do the auth side of things. My question is what should I use for NAT. Use the inbuilt NAT that comes with PPP or firewall based?

TIA

Cheers cya

Andrew

Attachment: monitor_routing.sh

```bash
#!/usr/local/bin/bash
FWRUL=10000
# put main connection first
# the names must match the config names in /etc/ppp/ppp.conf
# Must also have a /etc/namedb/named.conf.ISP_NAME for each
# ISP so that named's forward lookups points to the right name server
PISP='isp1'
BISP='isp2'
FWBLOCK='192.168.1.209/28'
LAN='192.168.1.0/24'

# Functions

# logg was called but never defined in the posted script: log to stdout
# (cron mail) and to syslog so the routing change is recorded.
function logg {
    echo "$*"
    logger -t monitor_routing "$*"
}

# getgwip <ppp pid>
# Prints "<local ip> <peer gateway>" of the tun interface opened by that ppp PID.
function getgwip {
    PID=$1
    GW=''
    for i in 0 1 2 3 4 5 6 7 8 9; do
        # the posted script grepped for "$pid" (lowercase, never set), which
        # matched every tun interface; the variable is $PID
        STR=$(ifconfig tun$i 2>/dev/null | grep "PID $PID")
        if [ -n "$STR" ]; then
            GW=$(ifconfig tun$i | grep inet | tail -n 1 | awk '{print $2 " " $4}')
        fi
    done
    echo $GW
}

# ch_route <ppp pid> <isp name> <current default gateway>
# Moves the default route to the named ISP's link and points named at that
# ISP's forwarders. Exits the script in every case.
function ch_route {
    X="Changing routing for all data to: $2\nOld default gateway: $3"
    GW=$(getgwip $1 | awk '{print $2}')
    if [ "$GW" == "$3" ]; then exit; fi
    echo -e "$X"
    /sbin/route delete default
    /sbin/route add default $GW
    echo "New default gateway: $GW"
    # use the ISP name passed in ($2): the posted script used $ROUTO, which is
    # empty unless a ppp session was just restarted, and copied from
    # /etc/named instead of /etc/namedb
    cp /etc/namedb/named.conf.$2 /etc/namedb/named.conf
    /etc/rc.d/named reload
    exit
}

# ch_firewall clear            -> delete the policy-routing rule
# ch_firewall $PISP <gateway>  -> add it (only if missing), forwarding
#                                 traffic from FWBLOCK via <gateway>
function ch_firewall {
    if [ "$1" != "$PISP" ]; then
        /sbin/ipfw -q delete $FWRUL >/dev/null 2>&1
    else
        F=$(ipfw show $FWRUL 2>/dev/null || echo FAIL)
        if [ "$F" == "FAIL" ]; then
            /sbin/ipfw -q add $FWRUL fwd $2 ip from $FWBLOCK to not $LAN
        fi
    fi
}

PPPCOM='/usr/sbin/ppp -quiet -ddial -nat '
PID1=$(ps ax | grep ppp | grep -v grep | grep "$PISP" | awk '{print $1}')
PID2=$(ps ax | grep ppp | grep -v grep | grep "$BISP" | awk '{print $1}')
ROUTO=''
# a missing ppp process is restarted and everything is routed via the
# other ISP for now; ROUTO names the ISP to route through, RPID its ppp PID
if [ -z "$PID1" ]
then
    $PPPCOM $PISP >/dev/null 2>&1 &
    ROUTO=$BISP
    RPID="$PID2"
fi
if [ -z "$PID2" ]
then
    $PPPCOM $BISP >/dev/null 2>&1 &
    ROUTO=$PISP
    RPID=$PID1
fi
CGW=$(netstat -rn | grep "^default" | awk '{print $2}')
if [ -n "$ROUTO" ]; then
    echo "restarting $ROUTO"
    ch_firewall clear
    ch_route $RPID "$ROUTO" "$CGW"
fi

# getgwip takes a ppp PID; the posted script passed the ISP names here
TMP=$(getgwip $PID1)
PGW=$(echo $TMP | awk '{print $2}')
PIP=$(echo $TMP | awk '{print $1}')
TMP=$(getgwip $PID2)
BGW=$(echo $TMP | awk '{print $2}')
BIP=$(echo $TMP | awk '{print $1}')
OUT="Current default gateway: $CGW"
if [ -z "$PIP" -a -z "$BIP" ]; then
    logg "BOTH $PISP and $BISP are DOWN!!"
    exit
fi
if [ -z "$PIP" ]; then
    if [ "$CGW" != "$BGW" ]; then
        logg "$PISP currently down"
        ch_firewall clear
        ch_route $PID2 "$BISP" "$CGW"
    fi
    exit
fi
if [ -z "$BIP" ]; then
    if [ "$CGW" != "$PGW" ]; then
        logg "$BISP currently down"
        ch_firewall clear
        ch_route $PID1 "$PISP" "$CGW"
    fi
    exit
fi

# both links are up: ping each ISP's gateway from that link's own address
PISPING=$(ping -n -s 1 -o -c 5 -S $PIP -W 5000 -t 6 $PGW >/dev/null 2>&1 || echo FAIL)
BISPING=$(ping -n -s 1 -o -c 5 -S $BIP -W 5000 -t 6 $BGW >/dev/null 2>&1 || echo FAIL)
if [ "$PISPING" == "FAIL" ]; then
    if [ "$CGW" != "$BGW" ]; then
        logg "$PISP currently down"
        ch_firewall clear
        ch_route $PID2 "$BISP" "$CGW"
    fi
    exit
fi
if [ "$BISPING" == "FAIL" ]; then
    if [ "$CGW" != "$PGW" ]; then
        logg "$BISP currently down"
        ch_firewall clear
        ch_route $PID1 "$PISP" "$CGW"
    fi
    exit
fi

# both links healthy: make sure the policy-routing rule for FWBLOCK exists
# (forwarding via the second ISP's gateway) and that the default route is
# back on the cheap ISP. The posted script tested != FAIL, passed no gateway
# to ch_firewall and was missing the 'then'.
FWCHECK=$(ipfw show $FWRUL 2>/dev/null || echo FAIL)
if [ "$FWCHECK" == "FAIL" ]; then
    logg "Added policy routing for $FWBLOCK"
    ch_firewall $PISP $BGW
fi
if [ "$CGW" != "$PGW" ]; then
    logg "Changed routing back to $PISP"
    ch_route $PID1 "$PISP" "$CGW"
fi
```
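The script's getgwip probes tun0..tun9 one by one and takes the last inet line it finds, which also matches a tun device that ppp has opened but not yet brought up. The helper below is an added example, not part of Andrew's script: it parses one ifconfig dump in a single awk pass, keys on the "Opened by PID" line, and reports nothing (exit status 1) when the PID's tun has no point-to-point address yet, so the caller treats that link as down. The ifconfig output and PIDs are constructed sample data.

```shell
#!/bin/sh
# Constructed sample of `ifconfig` output from a FreeBSD 7 router with two
# ppp(8) sessions; tun2 is open but still negotiating (no inet line yet).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
    inet 203.0.113.45 --> 203.0.113.1 netmask 0xffffffff
    Opened by PID 1234
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
    inet 198.51.100.77 --> 198.51.100.1 netmask 0xffffffff
    Opened by PID 1235
tun2: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    Opened by PID 1236'

# tun_addrs_for_pid <ppp pid> [ifconfig text]
# Prints "<local ip> <peer gateway>" for the tun interface opened by that ppp
# PID, reading the dump from $2 or, if absent, from stdin
# (e.g. `ifconfig | tun_addrs_for_pid 1234` on the router).
# Prints nothing and returns 1 when no interface is owned by the PID or the
# link has no inet address yet, so "empty" can be treated as "link down".
tun_addrs_for_pid() {
    pid=$1
    if [ $# -ge 2 ]; then text=$2; else text=$(cat); fi
    printf '%s\n' "$text" | awk -v pid="$pid" '
        /^[A-Za-z]/ { lip = ""; gw = "" }                  # new interface block
        $1 == "inet" && $3 == "-->" { lip = $2; gw = $4 }  # point-to-point line
        $1 == "Opened" && $3 == "PID" && $4 == pid {
            if (lip != "") { print lip " " gw; found = 1 }
            exit                                           # stop at the owner
        }
        END { exit !found }'
}
```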