From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 16 21:58:09 2004
Delivered-To: freebsd-ipfw@freebsd.org
Message-ID: <002701c40be5$43298f70$3301020a@hostthecaost.org>
From: "J.T. Davies"
References: <1078597745.1981.15.camel@w1-par1-fr.corp.ndsoftware.com> <20040317021928.GA26065@scylla.towardex.com>
Date: Tue, 16 Mar 2004 22:01:17 -0800
Subject: Internal routing to different gateway
List-Id: IPFW Technical Discussions

Hello everyone (again),

I've come up with a brainstorm. My situation is this:

I have an internal mail server running qmail on FreeBSD (IP of 10.2.1.52). I have two gateway/routers: internal IPs of 10.2.1.1 and 10.2.1.2, each with its own external IP. The mail server (10.2.1.52) has a default_router set as 10.2.1.1. However, traffic coming in from 10.2.1.2 is answered via 10.2.1.1 (and not going back out the original route of 10.2.1.2).
Of course this doesn't work because the NAT tables don't sync up between the two, so 10.2.1.1 doesn't know where to route the reply traffic. Incoming traffic on 10.2.1.1 works very well.

Here's my potential solution...please tell me if there's a better way (through another port) or if I'm on a good track.

==========
I create an IP alias on the mail server (10.2.1.53) and create routes in natd on 10.2.1.2 to route SMTP and POP3 traffic to the new alias IP.

I enable IPFW on the mail server (defaults to allow connections because it's internal). I'll add two rules:

    ipfw add fwd 10.2.1.2 ip from 10.2.1.53 to any out via vr0
    ipfw add fwd 10.2.1.1 ip from 10.2.1.52 to any out via vr0

(I think the syntax of the rules is right...if not, I'll experiment to perfect them)
==========

Thoughts?

J.T.
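A worked version of the rule set sketched above, added here as an example and not J.T.'s own rules: it assumes interface vr0, LAN 10.2.1.0/24, the two IPs and gateways from the post, and a kernel built with options IPFIREWALL_FORWARD (which the fwd action needs). It also excludes the LAN itself from the fwd rules so that replies to local hosts are not pushed through a gateway, and it only prints the ipfw commands unless IPFW=ipfw is set.

```shell
#!/bin/sh
# Added example: source-based policy routing on the mail server with ipfw fwd.
# Assumptions (not from the post): interface vr0, LAN 10.2.1.0/24, and a kernel
# with options IPFIREWALL_FORWARD, without which fwd rules are accepted but ignored.
LAN_NET="10.2.1.0/24"
IFACE="vr0"
MAIN_IP="10.2.1.52";  MAIN_GW="10.2.1.1"   # primary address, default gateway
ALIAS_IP="10.2.1.53"; ALIAS_GW="10.2.1.2"  # alias that natd on 10.2.1.2 targets
IPFW="${IPFW:-echo ipfw}"   # default is a dry run; set IPFW=ipfw to apply

# Build one fwd rule. ipfw requires a protocol keyword ("ip") between the
# action and "from". Traffic to the LAN itself must keep its direct route,
# hence "to not $LAN_NET": only replies leaving the LAN are steered.
fwd_rule() {  # $1 rule number, $2 source IP, $3 next-hop gateway
    printf 'add %s fwd %s ip from %s to not %s out via %s\n' \
        "$1" "$3" "$2" "$LAN_NET" "$IFACE"
}

# Full ruleset: replies from the alias go back out via 10.2.1.2, replies from
# the primary address via 10.2.1.1, then keep the host's default-allow policy.
ruleset() {
    fwd_rule 100 "$ALIAS_IP" "$ALIAS_GW"
    fwd_rule 110 "$MAIN_IP"  "$MAIN_GW"
    printf 'add 65000 allow ip from any to any\n'
}

# Feed each rule to ipfw (or echo it in dry-run mode).
apply_ruleset() {
    ruleset | while read -r line; do
        # shellcheck disable=SC2086
        $IPFW $line
    done
}

apply_ruleset
```

Check the result with ipfw show: a reply from 10.2.1.53 to an outside host should now match rule 100, while a connection from a LAN host to 10.2.1.53 falls through to rule 65000.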