Date:      Tue, 9 Mar 2004 22:27:48 +1100
From:      Tony Frank <tfrank@optushome.com.au>
To:        asd ads <jason_highland@yahoo.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Multiple natd and inbound web traffic
Message-ID:  <20040309112748.GB8528@marvin.home.local>
In-Reply-To: <20040309071417.28175.qmail@web41307.mail.yahoo.com>
References:  <20040309071417.28175.qmail@web41307.mail.yahoo.com>

Hi there,

On Mon, Mar 08, 2004 at 11:14:17PM -0800, asd ads wrote:
> I have the following setup below.  A FreeBSD 4.9
> machine with 3 nics fxp0, fxp1 and ed0. Fxp0 is
> connected to my DSL connection, fxp1 is connected to
> my Cable connection and ed0 is my internal network.
> 
> 
> xx.xx.12.1     yy.yy.34.1
> ---------        ------
> |  DSL  |        |Cable|
> ---------        ------
>    |               |
>     \             /
>      \           / 
>       \         /
>        \       /
>         \     / 
>     fxp0 |    | fxp1
>    .12.2 |    |.34.2
>          |    |
>     -----------------
>     |      FW       |
>     | Default route |
>     |  xx.xx.12.1   |
>     |	              |
>     -----------------
>             |
>             |ed0
>             |192.168.200.1
>             |
>             |
>           -----
>           |   |
>           |   | Web Server
>           |   | 192.168.200.10:80
>           |   |
>           -----
> 
> What I'm trying to do:
> 
> Need to have inbound web traffic (from both
> connections) forward to the same internal web server.
> 
> Problem:
> 
> When a web connection is made to xx.xx.12.2:80(DSL),
> it's NATed to 192.168.200.10:80(websrv) and then back
> to the client(all is well at this point). 
> 
> The problem occurs when a connection is made to
> yy.yy.34.2:80(cable), it's NATed with the second
> instance of nat to 192.168.200.10:80(websrv) but when
> it tries to respond back to the client the default
> route forces it back thru the first connection. 
> 
> Does anyone have a good example of a fwd & divert
> rules that would help with this issue?

Since you seem to have the nat going ok, you might just 
want to try something like this:

<natd etc>
02100 fwd xx.xx.12.1 ip from xx.xx.12.2 to any
02200 fwd yy.yy.34.1 ip from yy.yy.34.2 to any

Similar kind of thing works for my environment, though
I am not doing exactly the same thing.

Regards,

Tony
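
The following model is an added example for this archive page, not code from the thread or from the FreeBSD project. It shows why replies from the cable-side alias leave via the DSL gateway and what the two fwd rules change. It assumes natd has already rewritten the reply's source to the alias address of the uplink the connection arrived on, treats `fwd` as first-match, and uses constructed documentation addresses in place of the masked xx.xx/yy.yy ones; all function names are hypothetical.

```python
import ipaddress
import re

# Constructed stand-ins for the masked addresses in the thread.
DSL_GW, DSL_ALIAS = "198.51.100.1", "198.51.100.2"    # xx.xx.12.1 / xx.xx.12.2
CABLE_GW, CABLE_ALIAS = "203.0.113.1", "203.0.113.2"  # yy.yy.34.1 / yy.yy.34.2
DEFAULT_ROUTE = DSL_GW                                # default route in the diagram

# The two rules from the reply, with the stand-in addresses filled in.
RULES = f"""
02100 fwd {DSL_GW} ip from {DSL_ALIAS} to any
02200 fwd {CABLE_GW} ip from {CABLE_ALIAS} to any
"""

# Only this one rule shape is modelled; anything else is rejected.
FWD_RE = re.compile(r"^(\d+)\s+fwd\s+(\S+)\s+ip\s+from\s+(\S+)\s+to\s+any$")


def parse_fwd_rules(text):
    """Return [(number, gateway, source_network)] sorted by rule number."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FWD_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        num, gw, src = m.groups()
        rules.append((int(num), ipaddress.ip_address(gw),
                      ipaddress.ip_network(src, strict=False)))
    return sorted(rules)


def next_hop(src, rules, default=DEFAULT_ROUTE):
    """First matching fwd rule wins; otherwise the default route is used."""
    addr = ipaddress.ip_address(src)
    for _num, gw, net in rules:
        if addr in net:
            return str(gw)
    return default


def unrouted_aliases(aliases, rules):
    """Alias addresses whose replies would still follow the default route."""
    return [a for a in aliases if next_hop(a, rules, default=None) is None]
```

`unrouted_aliases` works as a quick check that every natd alias address has its own fwd rule before a ruleset is loaded.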


