Date:      Sun, 4 Mar 2001 02:55:18 -0500
From:      Mike Nowlin <mike@argos.org>
To:        freebsd-net@freebsd.org
Subject:   questions re: multiple internet conn routing
Message-ID:  <20010304025518.A1844@argos.org>

(Looking for some general pointers to solutions here...)

Just had a second DSL connection installed, and have several questions
regarding how to map it into the FBSD router we use...

The basic setup here (with just the single DSL line, 32 IPs on that line) is
DSL->Router->hosts, where DSL->Router is on dc0, and Router->hosts is on
fxp0.  Basically, I added dc1 for the 2nd DSL connection.  Local traffic is
split between fxp0 and dc2, depending on the subnet it's for.  (10.193.x.x
or 10.98.x.x, and those subnets go to a pair of BSD routers that break
things down further, going to several ethernet segs and Cisco 804s for various
ISDN links, plus another router that has a cable connection on it for outgoing
FTP/HTTP requests from certain machines, not to mention the 200+ "ppp -auto"
links - kinda fun to figure out how a packet gets from point A to point
B..:) )  Ah, the joys of having a network supporting a lot of physical
locations that has to be cost-effective..

All of our machines are assigned a 10.x.x.x address, and I use ipfw and natd
to do translation between the DSL1 and net-10 addresses - works beautifully.

First question: after playing with this a bit, I've come to the decision
that I probably need to send NAT packets to two different divert sockets -
one for each DSL IP block.  With /etc/natd.conf holding the NAT rules, is it
possible to have two "port" or "alias_address" lines:

   alias_address 1.2.3.4
   port 8668
   redirect_address 10.1.1.7 1.2.3.7
   redirect_address 10.1.1.8 1.2.3.8
   alias_address 5.6.7.1
   port 8669
   redirect_address 10.1.1.7 5.6.7.7
   redirect_address 10.1.1.8 5.6.7.8

...or do I need to run two copies of natd for this to work correctly?

Second question: I could probably do this blindfolded on a Cisco router, but
is there some way to accomplish the Cisco idea of "policy-based routing" on
a FBSD box?  I basically need to look at the source address of a packet and
send it to the appropriate ethernet interface for the DSL IP block that
matches that source address.  I'm guessing that netgraph might be involved,
but I haven't ever looked at it much more than the examples provided...  (If
netgraph is involved, I may need a little more help than "Yes, it can be
done."  :)  )

Third question: I vaguely remember that netgraph packets don't go through
ipfw, possibly under certain circumstances.  True?


Thanks - Mike

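One way to lay out the two-uplink setup the message asks about, as an added example that is not from the original post or from FreeBSD itself: a natd instance per DSL line (each on its own divert port, with its own config file holding that line's alias_address and redirect_address entries) and ipfw `fwd` rules that choose the uplink from the inside source subnet. Interface names other than fxp0/dc0/dc1, the gateway addresses, the config file paths and the subnet-to-line mapping are assumed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original message: one natd per DSL uplink,
# and ipfw 'fwd' rules that pick the uplink from the inside source subnet.
# Addresses, gateways, ports, config paths and the subnet-to-line mapping
# are assumed placeholders. 'fwd' needs 'options IPFIREWALL_FORWARD' in the kernel.

INSIDE_IF=fxp0
DSL1_IF=dc0; DSL1_NET=1.2.3.0/27; DSL1_GW=1.2.3.1;   DSL1_PORT=8668; DSL1_CONF=/etc/natd-dsl1.conf
DSL2_IF=dc1; DSL2_NET=5.6.7.0/27; DSL2_GW=5.6.7.254; DSL2_PORT=8669; DSL2_CONF=/etc/natd-dsl2.conf
VIA_DSL1=10.193.0.0/16   # inside subnet that should leave through DSL line 1
VIA_DSL2=10.98.0.0/16    # inside subnet that should leave through DSL line 2

# Two natd daemons, each on its own divert port with its own config file
# (alias_address and that line's redirect_address entries live in the file).
natd_cmds() {
  printf 'natd -p %s -f %s\n' "$DSL1_PORT" "$DSL1_CONF"
  printf 'natd -p %s -f %s\n' "$DSL2_PORT" "$DSL2_CONF"
}

# ipfw rules, printed instead of loaded so the script is harmless to run.
# fwd is matched as the packet enters on the inside interface, before the
# routing decision, so the kernel sends it out the chosen DSL interface, where
# that interface's divert rule hands it to the matching natd. Internal
# destinations are excluded from fwd so 10/8-to-10/8 traffic routes normally.
ipfw_rules() {
  echo "add 1000 fwd $DSL1_GW ip from $VIA_DSL1 to not 10.0.0.0/8 in recv $INSIDE_IF"
  echo "add 1010 fwd $DSL2_GW ip from $VIA_DSL2 to not 10.0.0.0/8 in recv $INSIDE_IF"
  echo "add 2000 divert $DSL1_PORT ip from any to any via $DSL1_IF"
  echo "add 2010 divert $DSL2_PORT ip from any to any via $DSL2_IF"
  # Sanity rules: one DSL block's source addresses never leave via the other
  # line, and no untranslated 10/8 source ever leaves either uplink.
  echo "add 2100 deny ip from $DSL2_NET to any out xmit $DSL1_IF"
  echo "add 2110 deny ip from $DSL1_NET to any out xmit $DSL2_IF"
  echo "add 2120 deny ip from 10.0.0.0/8 to any out xmit $DSL1_IF"
  echo "add 2130 deny ip from 10.0.0.0/8 to any out xmit $DSL2_IF"
  echo "add 65000 allow ip from any to any"
}

# To apply for real: run the natd_cmds lines, then save ipfw_rules to a file
# and load it with 'ipfw /path/to/file'. Here we only print both.
natd_cmds
ipfw_rules
```

Reply packets arriving on a DSL interface are diverted by that interface's rule to the same natd that translated the outbound flow, so each line keeps its own translation table.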