Date: Fri, 6 Feb 2004 13:02:24 -0000
From: "chris scott" <chris.scott@uk.tiscali.com>
To: "Edwin Culp" <eculp@viviendaatualcance.com.mx>, "Ryan Thompson" <ryan@sasknow.com>
Cc: net@freebsd.org
Subject: Re: 2 isp's, one LAN and need to divide traffic.
Message-ID: <02ac01c3ecb1$7945a600$86102c0a@viper>
References: <20040205094541.U43880-100000@ren.sasknow.com> <20040205115651.wgw88sgcgwg4osg4@mail.viviendaatualcance.com.mx>
Should be easy enough to do. You will probably need to have two instances of natd running, one for each interface, e.g.

    /sbin/natd -a x -p 8868
    /sbin/natd -a y -p 8869

where x and y are the IPs of the interfaces you are using. You could probably use the -n option and -dynamic options if you are on a static setup.

Note it will be important which interface your default route will point to. I'm assuming it's tun0, so am configuring ipfw to deal with outgoing traffic on that interface. Something like this should do:

    ipfw add 1 divert 8868 tcp from any to any 25 out via tun0
    ipfw add 2 divert 8868 udp from any to any 53 out via tun0
    ipfw add 3 divert 8869 all from any to any via tun0

These rules should redirect outgoing mail and DNS requests to a different instance of natd than is used for all other traffic. This will be bound to tun1.

There is also another potential way of doing it as well. If you have a list of all the DNS and email servers your clients use, you could add some static routes for those hosts/subnets to force all traffic for them to use a specific interface. This would be kludgy though, as all traffic for those hosts would be forced that way, not just email and DNS.

Chris

----- Original Message -----
From: "Edwin Culp" <eculp@viviendaatualcance.com.mx>
To: "Ryan Thompson" <ryan@sasknow.com>
Cc: <net@freebsd.org>
Sent: Thursday, February 05, 2004 5:56 PM
Subject: Re: 2 isp's, one LAN and need to divide traffic.

> Quoting Ryan Thompson <ryan@sasknow.com>:
>
> > Edwin Culp wrote to net@freebsd.org:
> >
> >> Is there a, hopefully simple, way to divide bidirectional traffic
> >> (LAN/INTERNET) between 2 internet connections more or less as the
> >> diagram below. I've just added a DSL connection with a lot more
> >> bandwidth than my ds0. I want to use the ds0 exclusively for email and
> >> DNS that I consider, in my case, to be lower priority and the DSL for
> >> all other traffic?
> >
> > Sure. Unless I'm misunderstanding what you're asking for... just bind
> > your email and DNS server to one or two of the ds0 IPs. Don't listen for
> > those services on the Provider2 IP. Then bind your other services to the
> > Provider2 IP.
> >
> > If you're directing this all to an RFC1918 internal network (i.e., the
> > server(s) do not have public IPs), you're probably already using NAT,
> > and can make use of static NAT and the -redirect_port feature.
> > Ryan
>
> That is exactly what I want to do. I've seen that in the NAT docs but was
> unsure how and if it would work in my case. I've never used NAT in anything
> but the default firewall configuration. I'm going to do some reading and
> testing.
>
> Thanks so much,
>
> ed
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
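
Added example, not part of the thread: ipfw stops at the first matching rule, and a packet that natd writes back to its divert socket re-enters the ruleset at the next rule number, so rule order decides how many natd instances touch one packet. This offline trace (no ipfw needed) walks an outbound packet through the three posted rules and through a variant with guard rules; the table format, the `trace` function and the `allow` guards are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed rule tables, one rule per line: number action arg proto dport.
# POSTED mirrors the three divert rules in the message above.
POSTED='1 divert 8868 tcp 25
2 divert 8868 udp 53
3 divert 8869 all any'
# GUARDED is a hypothetical variant: an allow rule after each specific divert
# ends the search before the catch-all divert is reached.
GUARDED='1 divert 8868 tcp 25
2 allow - tcp 25
3 divert 8868 udp 53
4 allow - udp 53
5 divert 8869 all any'

# trace RULES PROTO DPORT: print the divert ports an outbound packet visits.
# Models first-match evaluation plus divert re-entry: a packet written back
# by natd resumes at the first rule numbered above the divert rule it left.
trace() {
    rules=$1; proto=$2; dport=$3; resume=0; hops=''
    while :; do
        hit=''
        while read -r num action arg rproto rdport; do
            [ "$num" -gt "$resume" ] || continue
            [ "$rproto" = all ] || [ "$rproto" = "$proto" ] || continue
            [ "$rdport" = any ] || [ "$rdport" = "$dport" ] || continue
            hit="$num $action $arg"
            break
        done <<EOF
$rules
EOF
        [ -n "$hit" ] || break          # no rule left: default rule decides
        set -- $hit
        [ "$2" = divert ] || break      # allow ends the search
        hops="${hops:+$hops }$3"
        resume=$1
    done
    echo "$hops"
}

for pkt in 'tcp 25' 'udp 53' 'tcp 80'; do
    set -- $pkt
    p=$1; d=$2
    echo "$pkt  posted: $(trace "$POSTED" "$p" "$d")  guarded: $(trace "$GUARDED" "$p" "$d")"
done
```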