From owner-freebsd-questions@FreeBSD.ORG Sun Feb 6 13:15:15 2005
From: "Chris Knipe"
To: freebsd-questions@freebsd.org
Subject: Re: Re[2]: ipfw / ppp NAT
Date: Sun, 6 Feb 2005 15:15:32 +0200
Message-ID: <005401c50c4d$f01573c0$0a01a8c0@ops.cenergynetworks.com>
References: <001a01c50c48$a63ab0d0$0a01a8c0@ops.cenergynetworks.com> <003001c50c49$48261b50$0a01a8c0@ops.cenergynetworks.com> <797811732.20050206140152@hexren.net>
List-Id: User questions
> given that tun0 is the interface that connects x.x to the world (y.y)
> then what you have now would be:
> "ipfw add divert natd all from any to any via tun0"
>
> from what I understand what you want you should probably add something
> like:
> "ipfw add divert natd all from any to any via rl0"
> rl0 being the interface connecting x.x to x.1
>
> on related news, why would you want to do something like that ?
>
> Hexren

Quite complex....

1) I have a routed network on 198.18/15 going via NAT to the net.
2) I have two gateways, running VRRP for high redundancy.
3) Gateway 1 routes "local traffic" via tun0, the rest (a la international) is sent to gateway 2.
4) Gateway 2 routes "the rest" via tun0, and "local traffic" to gateway 1.

This all happens now via BGP, and so far this is working without a problem. The problem now is that I only receive one "real" IP per PPPoE session. Multilink is out of the question (not supported), so is getting multiple IPs per session. A further problem is that the gateway address of these PPPoE sessions is 100% exactly the same.

Thus, what I need to achieve now (and hence what is my problem):

1) I need to establish MULTIPLE PPPoE sessions on Gateway 1 (even if the gateway address of the PtP link is the same) - BIG problem. I have semi-fixed this by forcing my gateway address of the secondary PPPoE sessions to be the rl0 interface (and this is working) (i.e. ifaddr 10.0.0.1/32 x.x.x.x 255.255.255.0 0.0.0.0)
2) I need to be able to forward the live IP address received from one of the secondary PPPoE sessions on Gateway 1 to any host inside my routed network (198.18/15).
3) The load balancing and routing between Gateway 1 and Gateway 2 should all still work, and basically just exclude whatever is happening on the secondary PPPoE sessions.

I know I'm not giving a lot of information, but this is a LOT of work / configuration. If it's not a problem, I will post what is required (config wise), but yeah... We're talking close to 300 statically managed routes between Gateway 1 & 2...

What my problem is now, is basically what would seem like a NAT / routing issue.

PPP1 -> GW1 -> 198.18/15
PPP2 -> GW1 -> CLIENT1 INSIDE 198.18/15

Incoming, the connectivity is working. I establish a connection to PPP2, GW1 forwards the data to CLIENT1, and a tcpdump shows that the data does arrive. The problem is that the replies from CLIENT1 go to GW1, and GW1 transmits the data back to the Internet via PPP1, and not PPP2......

Thus, in a nutshell now, I need to "map" PPPx to CLIENTx without causing any problems for the rest of the network....

--
Chris
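The asymmetric return path described in the post (inbound on PPP2 reaches CLIENT1, replies leave on PPP1 because the routing table only knows one default) is the classic case for ipfw's fwd action: the reply is matched on the LAN interface and handed to the second link's peer before the route lookup can send it out tun0, and a separate natd instance on that link translates it to the PPP2 address. The script below is an added example written for this thread, not configuration from the poster or the FreeBSD project. Everything in it is an assumption: tun0 = PPP1, tun1 = PPP2, rl0 = LAN side, CLIENT1 = 198.18.0.10, natd ports 8668/8669, and the 203.0.113.x addresses are constructed placeholders for the PPP2 address and peer (in practice they would come from ppp.linkup's MYADDR and HISADDR). It also assumes tun1's peer address is distinct from tun0's, since fwd needs a next hop that resolves to tun1; it does not solve the identical-gateway problem the post raises. The kernel needs IPFIREWALL and IPFIREWALL_FORWARD. Commands are only printed unless IPFW_APPLY=1 is set, so it can be reviewed against an existing ruleset first.

```shell
#!/bin/sh
# Added example (not from the original thread): give GW1 a per-link NAT and a
# policy-routing rule so CLIENT1's replies go back out over PPP2 (tun1).
# Assumed interface names, client address and natd ports; adjust to taste.
LAN_IF=rl0           # assumption: LAN side of GW1
PPP1_IF=tun0         # assumption: first PPPoE session (PPP1)
PPP2_IF=tun1         # assumption: secondary PPPoE session (PPP2)
LAN_NET=198.18.0.0/15
CLIENT1=198.18.0.10  # assumption: the host PPP2 is mapped to
NATD1_PORT=8668
NATD2_PORT=8669

# run: always print the command; execute it too only when IPFW_APPLY=1.
run() {
    printf '%s\n' "$*"
    [ "${IPFW_APPLY:-0}" = 1 ] && "$@"
    return 0
}

# build_rules PPP2_ADDR PPP2_PEER
#   PPP2_ADDR: the live address handed out on the second session (MYADDR)
#   PPP2_PEER: the far end of tun1 (HISADDR), used as the fwd next hop
build_rules() {
    ppp2_addr=$1
    ppp2_peer=$2

    # One natd per link. Link 1 keeps the existing "divert natd via tun0"
    # behaviour (-dynamic tracks the PPPoE address changing). Link 2 is told
    # that everything arriving for PPP2's address belongs to CLIENT1.
    run natd -n "$PPP1_IF" -p "$NATD1_PORT" -dynamic
    run natd -n "$PPP2_IF" -p "$NATD2_PORT" \
        -redirect_address "$CLIENT1" "$ppp2_addr"

    # Translate on the link each packet actually uses, not "via tun0" only.
    run ipfw add 100 divert "$NATD1_PORT" ip from any to any via "$PPP1_IF"
    run ipfw add 110 divert "$NATD2_PORT" ip from any to any via "$PPP2_IF"

    # The fix for the asymmetric replies: CLIENT1's non-LAN traffic is caught
    # as it enters on rl0 and forced to tun1's peer. fwd terminates the search,
    # and when the packet then leaves via tun1 rule 110 NATs it to PPP2_ADDR.
    # LAN-to-LAN traffic is excluded so the 198.18/15 routing is untouched.
    run ipfw add 200 fwd "$ppp2_peer" ip from "$CLIENT1" to not "$LAN_NET" \
        in recv "$LAN_IF"
}

# Usage: IPFW_APPLY=1 ./gw1-ppp2-map.sh MYADDR HISADDR   (e.g. from ppp.linkup)
if [ $# -eq 2 ]; then
    build_rules "$1" "$2"
fi
```

The rules are numbered so they slot in ahead of an existing ruleset rather than replacing it; nothing is flushed, and the final allow/deny policy is left to whatever GW1 already runs. Because the divert rules sit before the fwd rule, an inbound packet on tun1 is de-NATed by natd 8669 and then routed to CLIENT1 over rl0 like any other LAN traffic, while a packet from CLIENT1 entering on rl0 skips rules 100/110 (wrong interface), hits 200, and only meets rule 110 on its way out of tun1.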