Date: Thu, 26 Oct 2000 19:37:07 -0400
From: "John Telford" <j.telford@sympatico.ca>
To: <nick@rapidnet.com>
Cc: <freebsd-net@FreeBSD.ORG>
Subject: Multihomed natd, nics and default gateways continued.
Message-ID: <002601c03fa5$a760da30$0100000a@johnny5>
Nick,
You are wise in the ways of FreeBSD and routing. Could you take a moment and provide some tips on how I could expand on your help to John Prince?
I have a similar setup but would like it to behave slightly differently. My setup:
1 internal interface.
1 external interface doing natd, default gateway routing for the internal to an isp.
We have now brought in a second ISP and put a 3rd interface into the FreeBSD box. I'd like to have a setup like this:
ISPA-----------interface A_fxp0
                              fxp2_NATD--interface C---------internal network 10.130.x.x
ISPB-----------interface b_fxp1
I would like to have all internal -> external traffic route through ISPA. In the event that ISPA goes down then the ISPB connection should take over automatically without the users noticing except that things are slower because ISPB is a slower connection. This means the default gateway would have to change on the fly and I can't seem to locate much information on how this can work.
Thanks in advance, John
Nick wrote:
DATE: 10/25/2000 19:58:00
SUBJECT: RE: Multipath natd
On Wed, 25 Oct 2000, John Prince wrote:
> Hello..
> Is it possible (I have been trying)....
> I have noticed other requests, however there does not seem to be any answers..
>
> I have a firewall setup, IPFW and Natd, with 2 external interfaces, and a
> single internal.
> Each external interface is connected to a provider.
> Setup is as follows..
> External Internal.
> bbb.bbb.bbb.bbb ---------------
> |--------------- ccc.ccc.ccc.ccc
> aaa.aaa.aaa.aaa ---------------
> The internal network consists of 2 nets, 10.0.1.0 and 10.0.2.0
> What I want to do is route any traffic from the 10.0.1.0 network to the
> (bbb) external
> interface, and traffic from the 10.0.2.0 to the (aaa) interface..
> Ipfw and Natd appear to function, as long as I specify a default route..
> I would like to do this all on a single machine, if possible..
> Any help would be greatly appreciated..
It's possible. Run 2 different natd's. Set up ipfw like so:

    #Don't divert local traffic
    ipfw add 50 allow ip from 10.0.1.0/24 to 10.0.2.0/24
    ipfw add 51 allow ip from 10.0.2.0/24 to 10.0.1.0/24

    #Divert traffic from 1.0/24 out and in interface B
    ipfw add 100 divert natd ip from 10.0.1.0/24 to any
    ipfw add 101 divert natd ip from any to any in via $INTERFACE_B

    #Divert traffic from 2.0/24 network in and out interface A
    ipfw add 200 divert natd2 ip from 10.0.2.0/24 to any
    ipfw add 201 divert natd2 ip from any to any in via $INTERFACE_A

    #Add routing for these natd'd addresses
    ipfw add 1000 fwd $INTERFACE_B_NEXT_HOP ip from $INTERFACE_B_ADDRESS to any
    ipfw add 2000 fwd $INTERFACE_A_NEXT_HOP ip from $INTERFACE_A_ADDRESS to any

    #Leave on for testing until it works
    ipfw add 3000 allow ip from any to any

Then after you do that, set up the 2 different natd's to listen on different ports (default 8668) and another entry in /etc/services:

    natd2 8669/divert # Network Address Translation

Then run the nat's separately:

    root# natd -p 8668 -a $INTERFACE_B_ADDRESS
    root# natd -p 8669 -a $INTERFACE_A_ADDRESS

Nick Rogness
- Drive defensively. Buy a tank.
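
An added example, not part of the original thread: a small sh check over the rule lines and /etc/services entries from the reply above. It reports divert names that have no `/divert` entry, divert ports shared by two names, and a testing `allow ip from any to any` rule that is still in place. The interface names and addresses in the sample input are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs are constructed: fxp0/fxp1
# and the 192.0.2.x / 198.51.100.x addresses stand in for the $INTERFACE_* values.
RULES='ipfw add 50 allow ip from 10.0.1.0/24 to 10.0.2.0/24
ipfw add 100 divert natd ip from 10.0.1.0/24 to any
ipfw add 101 divert natd ip from any to any in via fxp1
ipfw add 200 divert natd2 ip from 10.0.2.0/24 to any
ipfw add 201 divert natd2 ip from any to any in via fxp0
ipfw add 1000 fwd 198.51.100.1 ip from 198.51.100.2 to any
ipfw add 2000 fwd 192.0.2.1 ip from 192.0.2.2 to any
ipfw add 3000 allow ip from any to any'

# Constructed /etc/services excerpt in which natd2 has not been added yet.
SERVICES='natd 8668/divert # Network Address Translation
smtp 25/tcp mail'

# Divert names used in the rules ($1) that have no "<name> <port>/divert"
# line in the services text ($2). Numeric divert ports need no entry.
missing_divert_services() {
    known=$(printf '%s\n' "$2" | awk '$2 ~ /^[0-9]+\/divert$/ { print $1 }')
    printf '%s\n' "$1" |
    awk '{ for (i = 1; i < NF; i++) if ($i == "divert") print $(i + 1) }' |
    sort -u | while read -r name; do
        case $name in *[!0-9]*) ;; *) continue ;; esac
        printf '%s\n' "$known" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Divert ports in the services text ($1) claimed by more than one name;
# each natd instance needs its own divert port.
shared_divert_ports() {
    printf '%s\n' "$1" |
    awk '$2 ~ /^[0-9]+\/divert$/ { n[$2]++ }
         END { for (p in n) if (n[p] > 1) print p }' | sort
}

# Rule numbers of any "allow ip from any to any" rule, i.e. the testing rule
# the reply says to leave on only until the setup works.
open_allow_rules() {
    printf '%s\n' "$1" | awk '/ allow ip from any to any[ \t]*$/ { print $3 }'
}

echo "divert names missing from services: $(missing_divert_services "$RULES" "$SERVICES")"
echo "divert ports shared by two names:   $(shared_divert_ports "$SERVICES")"
echo "open allow-all rules still present: $(open_allow_rules "$RULES")"
```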
