Date: Sun, 20 Jan 2002 01:52:55 -0500
From: Allen Landsidel <all@biosys.net>
To: freebsd-questions@freebsd.org
Subject: multihomed routing woes..
Message-ID: <5.1.0.14.0.20020120013959.00aaaff8@rfnj.org>

[please reply off-list.. not subscribed.]

Ok.. for several hours I've been banging my head against the proverbial brick wall, trying to resolve an issue that's been a nuisance for some time.

To start from the beginning.. my network looks like this:

    [LAN] <--> [firewall] <--> [router] <--> [internet]

The lan side has a public /28 block. The firewall has one address from that block on the interior interface, and an address in the 10/8 block on the exterior. The router has an address on the 10/8 block on the interior, the ISP assigned address on the WAN interface, and a static route to the firewall 10/8 for my IP block.

The problem is simple: All outgoing traffic that *originates* on the firewall attempts to use the 10/8 address. I'm looking for some easy way to force it to use its internal address for traffic destined to go out the exterior interface, but so far to no avail.

My brain can't seem to think of a way to do this via route, and natd + my current stateful IPFW appears to be a no-go.. searching the lists and usenet has turned up others with the same problems, but no real solutions using these tools.

Apparently my only options are:

1) ditch the stateful ipfw configuration in favor of a simple 'established' rule (ick)
2) (maybe?) switch to ipf/ipnat.
3) Set up a proxy on one of the internal machines and have the firewall go through that to get out (ick)
4) Probably other silly hacks like 1,3 that are no more elegant.

Any help is appreciated.. I'm going nuts here.

-Allen