Date:      Mon,  4 Aug 2003 07:41:57 -0700
From:      fbsdquestions@worldinternet.org
To:        net@freebsd.org
Subject:   ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question
Message-ID:  <1060008117.a01537208ba27@mail.worldinternet.org>

We have a perfectly functional but saturated ds0 with our telco that
is very expensive.  We have squid running with transparent proxy for
our LAN that consists of about 10-15 users.  [ fwd 127.0.0.1,3128 tcp
from 192.168.5.0/24 to any 80 ] It works fine but still not enough
bandwidth so we contracted a much less expensive connection with a
cable company that we plan to use for all outgoing requests for port
80 from squid.  The problem is that I don't know how to get the outgoing
requests from squid to use the nic that is connected to the cable company.

Squid is set up to use the cable company's IP
  tcp_outgoing_address  10.24.194.163
but since the default gateway is to the telco interface, the request is sent
to the telco.

I'm not sure how to make this work.  Our three NICs are set up as follows:

rl1
192.168.5.0/24   ---
Internal Network     \
                      \        rl0 [TelCo]
                       ------  200.79.x.0/28    --- INTERNET
                      /        natd-ipfw-squid
rl2                  /         routing: default 200.79.x.1
10.24.194.163/20 ---
Cable Network

Our firewall configuration has been reduced to the following until we can
get this to work.

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80
65100 divert 8668 ip from any to any via rl0
65500 allow ip from any to any
65535 allow ip from any to any

Everything works great with rl1 -> rl0 but rl2 is basically useless for now.
I have tried many different approaches and none have worked.  I'm probably
complicating it too much, I hope.

Any help or suggestions will be appreciated.

Ed
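
An added example, not part of Ed's message or of any list reply: a simplified Python model of ipfw's first-match evaluation, showing why packets that squid sources from tcp_outgoing_address still leave via rl0 under the posted ruleset, and how a source-matched fwd rule would move only that port-80 traffic to rl2. The cable gateway 10.24.192.1, rule number 350 and destination 198.51.100.10 are constructed placeholders that do not appear in the post.

```python
import ipaddress

# Constructed placeholder: the cable provider's next-hop router is not given in
# the post; an address inside 10.24.192.0/20 stands in for it here.
CABLE_GW = "10.24.192.1"
DEFAULT_GW = "200.79.x.1"                       # "routing: default 200.79.x.1"
NEXT_HOP_IFACE = {DEFAULT_GW: "rl0", CABLE_GW: "rl2"}

# (number, action, argument, proto, src, dst, dst port, via) -- simplified fields
POSTED = [
    (100, "allow", None, "ip", "any", "any", None, "lo0"),
    (200, "deny", None, "ip", "any", "127.0.0.0/8", None, None),
    (300, "deny", None, "ip", "127.0.0.0/8", "any", None, None),
    (400, "fwd", "127.0.0.1,3128", "tcp", "192.168.5.0/24", "any", 80, None),
    (65100, "divert", "8668", "ip", "any", "any", None, "rl0"),
    (65500, "allow", None, "ip", "any", "any", None, None),
]
# Assumed addition: fwd 10.24.192.1 tcp from 10.24.194.163 to any 80
POLICY = (350, "fwd", CABLE_GW, "tcp", "10.24.194.163", "any", 80, None)
# Constructed sample: an outbound request from squid to a documentation address
SQUID_PKT = {"proto": "tcp", "src": "10.24.194.163", "dst": "198.51.100.10", "dport": 80}

def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def trace_output(pkt, rules):
    """Follow one outbound packet; return (egress interface, rule numbers matched)."""
    iface, hits = NEXT_HOP_IFACE[DEFAULT_GW], []   # routing picks the interface first
    for num, action, arg, proto, src, dst, dport, via in sorted(rules):
        if proto not in ("ip", pkt["proto"]) or (via and via != iface):
            continue
        if not (in_net(pkt["src"], src) and in_net(pkt["dst"], dst)):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        hits.append(num)
        if action == "divert":       # natd rewrites the packet, search resumes below
            continue
        if action == "fwd":          # terminal: the next hop is replaced
            iface = NEXT_HOP_IFACE.get(arg, "lo0")
        return (None if action == "deny" else iface), hits
    return iface, hits

if __name__ == "__main__":
    print("posted ruleset:", trace_output(SQUID_PKT, POSTED))
    print("with rule 350: ", trace_output(SQUID_PKT, POSTED + [POLICY]))
```

In the model, the fwd rule matches before 65100, so the packet also skips the natd divert and keeps 10.24.194.163 as its source address.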
