From: fbsdquestions@worldinternet.org
To: net@freebsd.org
Date: Mon, 4 Aug 2003 07:41:57 -0700
Subject: ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question

We have a perfectly functional but saturated ds0 with our telco that is very expensive. We have squid running with transparent proxy for our LAN that consists of about 10-15 users. [ fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80 ] It works fine but still not enough bandwidth so we contracted a much less expensive connection with a cable company that we plan to use for all outgoing requests for port 80 from squid.

The problem is that I don't know how to get the outgoing requests from squid to use the NIC that is connected to the cable company. Squid is set up to use the cable company's IP

    tcp_outgoing_address 10.24.194.163

but since the default gateway is to the telco interface, the request is sent to the telco. I'm not sure how to make this work.

Our three NICs are set up as follows:

    rl1
    192.168.5.0/24 --- Internal Network
                                       \
                                        \      rl0 [TelCo]
                                         ------ 200.79.x.0/28 --- INTERNET
                                        /  natd-ipfw-squid
    rl2                                /   routing: default 200.79.x.1
    10.24.194.163/20 --- Cable Network

Our firewall configuration has been reduced to the following until we can get this to work.

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80
    65100 divert 8668 ip from any to any via rl0
    65500 allow ip from any to any
    65535 allow ip from any to any

Everything works great with rl1 -> rl0 but rl2 is basically useless for now. I have tried many different approaches and none have worked. I'm probably complicating it too much, I hope.

Any help or suggestions will be appreciated.

Ed