Date: Mon, 10 Nov 2003 05:57:43 -0800
From: "Aaron Burke" <aburke@nullplusone.com>
To: <"."@babolo.ru>, <freebsd-net@freebsd.org>
Subject: RE: Routing With Two ISPs?
Message-ID: <AMEMKJNMFLJCJDLFIEDBIELIEPAA.aburke@nullplusone.com>
In-Reply-To: <1068252022.523087.89843.nullmailer@cicuta.babolo.ru>
> Subject: Re: Routing With Two ISPs?
>
> > [ Charset windows-1252 unsupported, converting... ]
> > I have a 4.8 box serving as a gateway with two connections to the
> > Internet. Is there some way to set the box up so that packets are
> > routed out through the same interface from which they arrived? For
> > example, if a connection is initiated on port 80 from a packet arriving
> > on one interface, is there a way to make the outgoing packets from my
> > web server use that same interface as a gateway instead of the default
> > interface?
> >
> > Any suggestions appreciated.
> It's easy IMHO

It's not too difficult to set up and get running. I also have two ISPs
(Cable Modem and DSL). If I understand what you're asking, it's similar
to my situation.

Because I run natd on both interfaces, I had to do a little poking around
until I finally got everything working correctly. One of my IP addresses
is provided via DHCP, the other is static.

First off, in /etc/services copy the natd line and rename it natd2, change
the port number to 8669 as well.

(eg ..)
natd            8668/divert  # Network Address Translation
natd2           8669/divert  # Network Address Translation

Second, I created scripts that run natd on both ethernet cards and set
them as executable.

europa# more /usr/local/etc/rc.d/dc0-natd.sh
#!/bin/sh
if [ $# -eq 0 -o "x$1" = "xstart" ]; then
        /sbin/natd -p natd -s -u -f /etc/natd.conf -n dc0 && echo -n ' natd started on dc0'
        # natd writes /var/run/natd.pid by default; keep a per-interface copy
        cp /var/run/natd.pid /var/run/natd.dc0.pid
fi
if [ "x$1" = "xstop" ]; then
        if [ -f /var/run/natd.dc0.pid ]; then
                kill `cat /var/run/natd.dc0.pid`
        fi
fi

europa# more /usr/local/etc/rc.d/ed0-natd.sh
#!/bin/sh
if [ $# -eq 0 -o "x$1" = "xstart" ]; then
        /sbin/natd -p natd2 -s -u -f /etc/natd.conf -n ed0 && echo -n ' natd started on ed0'
        # natd writes /var/run/natd.pid by default; keep a per-interface copy
        cp /var/run/natd.pid /var/run/natd.ed0.pid
fi
if [ "x$1" = "xstop" ]; then
        if [ -f /var/run/natd.ed0.pid ]; then
                kill `cat /var/run/natd.ed0.pid`
        fi
fi

Then I commented out the natd lines in /etc/rc.conf for natd, because I am
running it from these other scripts instead. I would run it from rc.conf,
but I would have needed to hack up some other rc files to get that working.
A separate script required less code.

At this point both networks work, and they can both be used as the default
gateway. I also suggest adding mappings to the default gateway on both ISPs
to /etc/hosts. This will save most people a small headache.

Next up, my DSL provider has given me a subnet mask of 255.255.255.224.
However, he owns the entire class C address space. So to save myself a bit
of time, I added a static route to his Class C in /etc/rc.conf.

(in /etc/rc.conf)
static_routes="dsl"
route_dsl=" -net x.y.172 x.y.172.104 255.255.255.0"

And finally, if you are running a firewall, you need to make sure that you
have divert rules in place for both natd interfaces. In my case I use
(dc0 = Cable, ed0 = DSL):

ipfw add 00100 divert 8668 ip from any to any via dc0
ipfw add 00101 divert 8669 ip from any to any via ed0

> Each external iface with its own natd,
> each forwards 80 port incoming to two
> http servers with different IP or port.

Just remember, natd needs to run on separate ports. And you can tell natd
which port to use with the -p argument.

>
> outgoing traffic can be forwarded to appropriate
> natd via ipfw rules depending on src IP or port

Yes, several people also divert certain types of traffic out specific
interfaces using firewall rules. My situation doesn't really require this,
but several people can share their examples.

Hope this is what you were asking for. And with any luck, I have not
forgotten to mention anything. If it isn't working for you, feel free to
get in touch with me via aburke@nullplusone.com.
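
Added example, not part of the original message: a small sh/awk check that the three pieces described above agree with each other (the divert entries in /etc/services, the -p/-n arguments of each natd, and the ipfw divert rules). The helper name check_divert is hypothetical, and the sample data is constructed from the values quoted in the message rather than read from a live host.

```shell
#!/bin/sh
# Constructed sample data copied from the message's setup, not read from a live host.
SERVICES='natd   8668/divert   # Network Address Translation
natd2  8669/divert   # Network Address Translation'
NATD_CMDS='/sbin/natd -p natd -s -u -f /etc/natd.conf -n dc0
/sbin/natd -p natd2 -s -u -f /etc/natd.conf -n ed0'
IPFW_RULES='00100 divert 8668 ip from any to any via dc0
00101 divert 8669 ip from any to any via ed0'

# check_divert SERVICES NATD_CMDS IPFW_RULES   (hypothetical helper)
# Prints one line per inconsistency; prints nothing when all three agree.
check_divert() {
    printf '%s\n--\n%s\n--\n%s\n' "$1" "$2" "$3" | awk '
    $0 == "--" { section++; next }
    NF == 0    { next }
    section == 0 {                      # services: NAME PORT/divert
        if ($2 ~ /\/divert$/) { split($2, a, "/"); port[$1] = a[1] }
        next
    }
    section == 1 {                      # natd command line: pick out -p and -n
        p = "natd"; ifc = ""            # without -p, natd uses the port named natd
        for (i = 1; i < NF; i++) {
            if ($i == "-p") p = $(i + 1)
            if ($i == "-n") ifc = $(i + 1)
        }
        num = (p ~ /^[0-9]+$/) ? p : port[p]
        if (num == "") { print "natd on " ifc ": port name " p " not in services"; next }
        if (num in owner) { print "port " num ": natd on both " owner[num] " and " ifc }
        owner[num] = ifc
        next
    }
    section == 2 && $2 == "divert" {    # ipfw rule: NUM divert PORT ... via IF
        ifc = ""
        for (i = 1; i < NF; i++) { if ($i == "via") ifc = $(i + 1) }
        seen[$3] = 1
        if (!($3 in owner)) {
            print "rule " $1 ": no natd on divert port " $3
        } else if (owner[$3] != ifc) {
            print "rule " $1 ": port " $3 " is natd on " owner[$3] ", rule is via " ifc
        }
    }
    END { for (n in owner) if (!(n in seen)) print "natd on " owner[n] ": no divert rule for port " n }'
}

check_divert "$SERVICES" "$NATD_CMDS" "$IPFW_RULES"
```

On a real gateway the three arguments could be filled from /etc/services, the natd lines of the rc.d scripts, and the output of "ipfw list".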