Date: Tue, 3 Apr 2001 17:59:34 -0500 (CDT)
From: Nick Rogness
To: Michael Owens
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Multiple Default Gateways using DIVERT

On Tue, 3 Apr 2001, Michael Owens wrote:

> My company has a single DSL line through which I have set up internet access
> via NAT using IPF.
>
> We are getting a second DSL line, and I was wondering what the best way, if
> any, would be to use NAT and different default gateways so as to divide up
> the groups by source address across them. I would like 10.10.10.1-128 to go
> through gateway 1 (say 2.2.2.1) and 10.10.10.129-254 through gateway 2 (say
> 2.2.2.2). I have searched the mail archives and seen various suggestions, but
> none seemed to address this specifically.

	Yes, it can be done. Here is an example ipfw ruleset.
	I am assuming a couple of things, which I will describe after the
	ruleset:

	# Trigger a redirect from packets from 10.0.0.128/25 to default route
	add 200 fwd 2.2.2.2 ip from 10.0.0.128/25 to any out recv ed0 xmit de0

	# Handle nat translations for normal traffic default route
	add 300 divert natd ip from any to any via de0

	# Handle natd translations for 10.0.0.128/25 to secondary router
	add 400 divert natd1 ip from any to any via de1

	I'm assuming your default gateway 2.2.2.1 is connected via de0 and
	your internal network interface is ed0. de1 is the interface
	connected to the 2.2.2.2 gateway.

>
> I know this can't be done with IPF, so I am asking if this is
> something that could be done with IPFW. From what I can tell, it might
> using divert, but I am not all that clear on divert's use in varying
> gateways.

	You will need to run 2 different natd's, each with their own
	setups for their appropriate interfaces, address statements, etc.

	You will also need to compile your kernel with
	'options IPFIREWALL_FORWARD'

Nick Rogness
- Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
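
Added example, not part of the original message: the split asked for in the question (10.10.10.1-128 and 10.10.10.129-254) does not fall on a /25 boundary, so this sketch expands an exact address range into CIDR blocks and emits one `fwd` rule per block in the form used in the reply. The function names are hypothetical; the gateway and interface names are the ones assumed in the reply.

```python
import ipaddress

def cidrs_for_range(first, last):
    """Minimal list of CIDR blocks covering first..last inclusive."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(b) for b in blocks]

def fwd_rules(first, last, gateway, in_if, out_if, start=200):
    """One 'fwd' rule per CIDR block, numbered upward from `start`.

    The numbers have to stay below the first divert rule (300 in the
    reply) so the forwarding decision is made before NAT.
    """
    return [
        f"add {start + i} fwd {gateway} ip from {cidr} to any "
        f"out recv {in_if} xmit {out_if}"
        for i, cidr in enumerate(cidrs_for_range(first, last))
    ]

def range_hosts_in(first, last, network):
    """Addresses in first..last that a rule written for `network` matches."""
    net = ipaddress.ip_network(network)
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)
            if ipaddress.IPv4Address(n) in net]

if __name__ == "__main__":
    # Second group from the question, sent to the second gateway.
    for rule in fwd_rules("10.10.10.129", "10.10.10.254",
                          "2.2.2.2", "ed0", "de0"):
        print(rule)
    # Hosts of the first group that a single /25 rule would also catch.
    print(range_hosts_in("10.10.10.1", "10.10.10.128", "10.10.10.128/25"))
```

The second group expands to 12 rules (200 through 211). A single 10.10.10.128/25 rule would also match 10.10.10.128, which the question places in the first group.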