From: Edwin Culp <eculp@viviendaatualcance.com.mx>
To: chris scott
Cc: Ryan Thompson, net@freebsd.org
Date: Fri, 6 Feb 2004 10:33:22 -0600
Subject: Re: 2 isp's, one LAN and need to divide traffic.
Message-ID: <20040206103322.0okcw8sg8k8s80gw@mail.viviendaatualcance.com.mx>
In-Reply-To: <02ac01c3ecb1$7945a600$86102c0a@viper>
References: <20040205094541.U43880-100000@ren.sasknow.com> <20040205115651.wgw88sgcgwg4osg4@mail.viviendaatualcance.com.mx> <02ac01c3ecb1$7945a600$86102c0a@viper>
List-Id: Networking and TCP/IP with FreeBSD (freebsd-net@freebsd.org)

Quoting chris scott:

> Should be easy enough to do. You will probably need to have two instances of
> natd running, one for each interface, e.g.
>
>   /sbin/natd -a x -p 8868
>   /sbin/natd -a y -p 8869

That is another option that I should try, and probably why the divert and
forward rules that I tried without two processes didn't work. A question on
rule 3 below: shouldn't tun0 be interface y from above?

Thanks so much for your help. One thing for sure, I've read more about natd
and natd.conf than I ever expected, and thanks to you folks I'm starting to
see the light at the end of the tunnel.

Have a great weekend.

ed

> where x and y are the IPs of the interfaces you are using. You could
> probably use the -n option and -dynamic options if you are on a static
> setup.
>
> Note it will be important which interface your default route will point to.
> I'm assuming it's tun0, so am configuring ipfw to deal with outgoing traffic
> on that interface. Something like this should do:
>
>   ipfw add 1 divert 8868 tcp from any to any 25 out via tun0
>   ipfw add 2 divert 8868 udp from any to any 53 out via tun0
>   ipfw add 3 divert 8869 all from any to any via tun0
>
> These rules should redirect outgoing mail and DNS requests to a different
> instance of natd than is used for all other traffic; this will be bound to
> tun1.
>
> There is also another potential way of doing it as well. If you have a list
> of all the DNS and email servers your clients use, you could add some static
> routes for those hosts/subnets to force all traffic for them to use a
> specific interface. This would be kludgy though, as all traffic for those
> hosts would be forced that way, not just email and DNS.
>
> Chris
>
> ----- Original Message -----
> From: "Edwin Culp"
> To: "Ryan Thompson"
> Cc: net@freebsd.org
> Sent: Thursday, February 05, 2004 5:56 PM
> Subject: Re: 2 isp's, one LAN and need to divide traffic.
>
>> Quoting Ryan Thompson:
>>
>> > Edwin Culp wrote to net@freebsd.org:
>> >
>> >> Is there a, hopefully simple, way to divide bidirectional traffic
>> >> (LAN/INTERNET) between 2 internet connections, more or less as the
>> >> diagram below. I've just added a DSL connection with a lot more
>> >> bandwidth than my ds0. I want to use the ds0 exclusively for email and
>> >> DNS, which I consider, in my case, to be lower priority, and the DSL for
>> >> all other traffic.
>> >
>> > Sure. Unless I'm misunderstanding what you're asking for... just bind
>> > your email and DNS server to one or two of the ds0 IPs. Don't listen for
>> > those services on the Provider2 IP. Then bind your other services to the
>> > Provider2 IP.
>> >
>> > If you're directing this all to an RFC1918 internal network (i.e., the
>> > server(s) do not have public IPs), you're probably already using NAT,
>> > and can make use of static NAT and the -redirect_port feature.
>>
>> Ryan,
>>
>> That is exactly what I want to do. I've seen that in the NAT docs but was
>> unsure how and if it would work in my case. I've never used NAT in
>> anything but the default firewall configuration. I'm going to do some
>> reading and testing.
>>
>> Thanks so much,
>>
>> ed
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
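A worked configuration for the two-natd layout discussed in this thread, added here as an example; it is not code from any of the posters. Everything in it is assumed: the interface names (tun0 = DSL carrying the default route, tun1 = ds0, fxp0 = LAN), the documentation-range addresses, the divert ports, and a kernel built with options IPFIREWALL, IPDIVERT and IPFIREWALL_FORWARD. It combines the two ideas from the replies: ipfw's fwd action picks the ds0 next hop for LAN mail and DNS before translation (a divert alone does not change the route the kernel already chose), and each natd instance is tied to its own interface in both directions rather than having all traffic diverted via tun0. The check_ruleset function flags exactly the mismatch Ed asks about: a divert port whose natd is bound to one interface applied to traffic on another.

```shell
#!/bin/sh
# Added example for the two-upstream layout in this thread; not from the
# original posts. All interface names, addresses and ports are hypothetical.
#
#   tun0  DSL link, carries the default route, all bulk traffic
#   tun1  ds0 link, mail (tcp/25) and DNS (udp/53) only
#   fxp0  LAN side
#
# Requires a kernel with options IPFIREWALL, IPDIVERT and IPFIREWALL_FORWARD
# (the last one is what makes the ipfw "fwd" action available).

LAN_IF=fxp0
LAN_NET=192.168.5.0/24

DSL_IF=tun0
DSL_NATD_PORT=8868

DS0_IF=tun1
DS0_NATD_PORT=8869
DS0_GW=198.51.100.1      # ds0 provider's next hop (hypothetical)

# Command line for one natd instance. -n binds natd to the interface so it
# translates to whatever address that interface currently has (chris's
# "-a x" form is the static equivalent); -p is the divert port that the
# ipfw rules below hand packets to.
natd_cmd() {
    # $1 interface, $2 divert port
    printf '/sbin/natd -n %s -p %s\n' "$1" "$2"
}

# The ipfw(8) rule set, emitted as commands so it can be reviewed before it
# is loaded. Two ideas:
#  1. Choose the link before translation: packets arriving from the LAN for
#     port 25 / 53 get the ds0 gateway as next hop ("fwd"), so the kernel
#     sends them out tun1 instead of following the default route via tun0.
#  2. Each natd instance only ever sees its own interface, in both
#     directions ("via" matches in and out), so outgoing packets get that
#     link's address and the replies on that link are untranslated by the
#     same instance.
ruleset() {
    cat <<EOF
ipfw -f flush
ipfw add 100 fwd $DS0_GW tcp from $LAN_NET to any 25 in via $LAN_IF
ipfw add 110 fwd $DS0_GW udp from $LAN_NET to any 53 in via $LAN_IF
ipfw add 200 divert $DS0_NATD_PORT ip from any to any via $DS0_IF
ipfw add 210 divert $DSL_NATD_PORT ip from any to any via $DSL_IF
ipfw add 65000 allow ip from any to any
EOF
}

# Consistency check on a rule set read from stdin (the output of ruleset, or
# of "ipfw list" on a running box): every divert rule must name the interface
# whose natd instance listens on that port. Diverting tun0 traffic to the
# natd bound to tun1 is the mismatch questioned in the thread; this catches
# it. Prints nothing and returns 0 when consistent, otherwise prints the
# offending rule and returns 1.
check_ruleset() {
    grep ' divert ' | while read -r line; do
        port=$(printf '%s\n' "$line" | sed 's/.* divert \([0-9]*\) .*/\1/')
        ifc=$(printf '%s\n' "$line" | sed 's/.* via \([a-z0-9]*\).*/\1/')
        case "$port:$ifc" in
            "$DS0_NATD_PORT:$DS0_IF"|"$DSL_NATD_PORT:$DSL_IF") ;;
            *) printf 'mismatch: %s\n' "$line"; exit 1 ;;   # exits the pipeline subshell only
        esac
    done
}

# Usage (as root, after the upstream links are up):
#   $(natd_cmd "$DS0_IF" "$DS0_NATD_PORT")
#   $(natd_cmd "$DSL_IF" "$DSL_NATD_PORT")
#   ruleset | check_ruleset && ruleset | sh
```

The fwd rules only act on packets that enter via the LAN interface, so traffic the gateway originates itself (its own MTA or resolver) still follows the default route; Ryan's advice to bind those daemons to the ds0 address covers that case. If your clients also use DNS over TCP, add a rule 120 mirroring rule 110 with tcp.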