Date: Mon, 4 Mar 2002 00:42:21 -0800 (PST)
From: John Kozubik
To: Mike D
Cc: questions@FreeBSD.ORG
Subject: Re: multiple defaultrouter

Multiple gateways are indeed possible - support for them is mandated by RFC. However, it has been reported that simply adding more default routes with the standard `route` commands will not be successful. Something along the lines of:

    route: writing to routing socket: File exists
    add net 0.0.0.0: gateway 192.168.1.1: File exists

One simple solution to your problem can be had with `ipfw`, support for which you will need to add to your kernel.

    options IPFIREWALL

and IPDIVERT. You may wish to add other options like IPFIREWALL_VERBOSE, etc.

`ipfw` rulesets like this:

    ## Allow traffic to flow normally
    ipfw add allow ip from 192.168.0.0/24 to 192.168.0.0/24
    ## Forward other traffic to router 1
    ipfw add fwd 192.168.0.1 ip from 192.168.0.0/24 to any
    ## Allow traffic to flow normally
    ipfw add allow ip from 10.0.0.0/24 to 10.0.0.0/24
    ## Forward other traffic to router 2
    ipfw add fwd 10.0.0.1 ip from 10.0.0.0/24 to any

First rule allows normal traffic within the subnet to do as it will.
Second rule dictates that packets in subnet 192.168.0.0/24 bound to other places hit router 1.
Third rule allows normal traffic within this other subnet to do as it will.
Fourth rule dictates that packets in subnet 10.0.0.0/24 bound to other places will hit router 2.

-----
John Kozubik - john@kozubik.com - http://www.kozubik.com

On Mon, 4 Mar 2002, Mike D wrote:

> I have a machine that sits in the dmz and needs to use 2 firewalls as
> gateways as possible, otherwise one firewall does not know what to do
> with traffic intended for the other one.
>
> Basically, how do I specify 2 "defaultrouter"s for 1 machine?
>
> Thanks in advance,
>
> Mike
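The following is an added example, not part of the original message or of FreeBSD: a small Python model of first-match evaluation over the four rules quoted above, showing which next hop a packet receives. It assumes matching on source and destination address only (interface, direction and protocol are ignored), that the final `ipfw` rule is the stock default deny (kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT), and that the sample addresses are constructed.

```python
import ipaddress

# The four rules from the message, in order: (action, next_hop, src_net, dst_net).
# "any" is modelled as 0.0.0.0/0.
RULES = [
    ("allow", None,          "192.168.0.0/24", "192.168.0.0/24"),
    ("fwd",   "192.168.0.1", "192.168.0.0/24", "0.0.0.0/0"),
    ("allow", None,          "10.0.0.0/24",    "10.0.0.0/24"),
    ("fwd",   "10.0.0.1",    "10.0.0.0/24",    "0.0.0.0/0"),
]


def evaluate(src, dst, rules=RULES, default="deny"):
    """Return (position, action, next_hop) of the first rule matching src -> dst.

    Position is 1-based ("first rule", "second rule" as in the message).
    A packet matching no rule falls through to the default action; the
    default here is an assumption about the kernel configuration.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for pos, (action, hop, src_net, dst_net) in enumerate(rules, start=1):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return pos, action, hop
    return None, default, None


# Constructed sample packets (203.0.113.10 is a documentation address).
SAMPLES = [
    ("192.168.0.5", "192.168.0.9"),   # stays inside subnet 1
    ("192.168.0.5", "203.0.113.10"),  # leaves via router 1
    ("10.0.0.5",    "203.0.113.10"),  # leaves via router 2
    ("192.168.0.5", "10.0.0.7"),      # cross-subnet: also handed to router 1
    ("127.0.0.1",   "127.0.0.1"),     # loopback: matches none of the four rules
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        pos, action, hop = evaluate(src, dst)
        print(f"{src:>12} -> {dst:<13} rule={pos} action={action} next_hop={hop}")
```

The last two samples are the cases worth checking on a real host: traffic between the two local subnets is handed to router 1 rather than delivered directly, and anything not sourced from either subnet, loopback included, reaches the default rule.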