From owner-freebsd-net Wed Oct 25 19:59: 4 2000
Delivered-To: freebsd-net@freebsd.org
Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id 8B26037B4CF; Wed, 25 Oct 2000 19:58:13 -0700 (PDT)
Received: from localhost (nick@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id UAA82202; Wed, 25 Oct 2000 20:58:00 -0600 (MDT)
Date: Wed, 25 Oct 2000 20:58:00 -0600 (MDT)
From: Nick Rogness
To: John Prince
Cc: freebsd-isp@freebsd.org, freebsd-net@freebsd.org
Subject: Re: Multipath natd
In-Reply-To: <4.3.2.7.2.20001025191653.021c25d8@mail.vwebpage.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 25 Oct 2000, John Prince wrote:

> Hello..
> Is it possible (I have been trying)....
> I have noticed other requests, however there does not seem to be any answers..
>
> I have a firewall setup, IPFW and Natd, with 2 external interfaces, and a
> single internal.
> Each external interface is connected to a provider.
> Setup is as follows..
>
> External                        Internal.
> bbb.bbb.bbb.bbb ---------------
>                                |--------------- ccc.ccc.ccc.ccc
> aaa.aaa.aaa.aaa ---------------
>
> The internal network consists of 2 nets, 10.0.1.0 and 10.0.2.0
> What I want to do is route any traffic from the 10.0.1.0 network to the
> (bbb) external interface, and traffic from the 10.0.2.0 to the (aaa) interface..
> Ipfw and Natd appear to function, as long as I specify a default route..
> I would like to do this all on a single machine, if possible..
> Any help would be greatly appreciated..

It's possible. Run 2 different natd's.
Set up ipfw like so:

    # Don't divert local traffic
    ipfw add 50 allow ip from 10.0.1.0/24 to 10.0.2.0/24
    ipfw add 51 allow ip from 10.0.2.0/24 to 10.0.1.0/24

    # Divert traffic from 1.0/24 out and in interface B
    ipfw add 100 divert natd ip from 10.0.1.0/24 to any
    ipfw add 101 divert natd ip from any to any in via $INTERFACE_B

    # Divert traffic from 2.0/24 network in and out interface A
    ipfw add 200 divert natd2 ip from 10.0.2.0/24 to any
    ipfw add 201 divert natd2 ip from any to any in via $INTERFACE_A

    # Add routing for these natd'd addresses (after the divert rules,
    # so the source address they match is the translated one)
    ipfw add 1000 fwd $INTERFACE_B_NEXT_HOP ip from \
        $INTERFACE_B_ADDRESS to any
    ipfw add 2000 fwd $INTERFACE_A_NEXT_HOP ip from \
        $INTERFACE_A_ADDRESS to any

    # Leave on for testing until it works
    ipfw add 3000 allow ip from any to any

Then after you do that, set up the 2 different natd's to listen on
different ports (default 8668) and add another entry in /etc/services:

    natd2   8669/divert   # Network Address Translation

Then run the natd's separately:

    root# natd -p 8668 -a $INTERFACE_B_ADDRESS
    root# natd -p 8669 -a $INTERFACE_A_ADDRESS

Nick Rogness
 - Drive defensively.  Buy a tank.
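A worked version of the recipe above, added here as an example and not part of Nick's message or of FreeBSD itself. It wraps the two-natd ruleset in a POSIX shell script that prints the commands as a dry run (set IPFW=ipfw NATD=natd and run it as root to actually load them), uses constructed placeholder interfaces fxp0/fxp1/fxp2 and TEST-NET addresses in place of the $INTERFACE_* variables, and adds two checks a practitioner would want before loading it: that /etc/services knows natd2, and that every fwd rule is numbered above every divert rule (otherwise the policy-routing rules see the untranslated 10.x source and never match). It also narrows the outbound divert rules with "in via" on the internal interface, a tightening that is not in the original rules.

```shell
#!/bin/sh
# Added example, not from the message above: generates the two-natd ipfw
# ruleset as a dry run so the rule order can be checked before it is loaded.
# Interface names, addresses and next hops are constructed placeholders
# (TEST-NET ranges); override them in the environment for a real box.
INT_IF="${INT_IF:-fxp0}"                 # assumed internal interface
IF_A="${IF_A:-fxp1}"                     # assumed external interface A
IF_B="${IF_B:-fxp2}"                     # assumed external interface B
IF_A_ADDR="${IF_A_ADDR:-192.0.2.10}"     # address natd2 aliases to
IF_A_GW="${IF_A_GW:-192.0.2.1}"          # provider A next hop
IF_B_ADDR="${IF_B_ADDR:-198.51.100.10}"  # address natd aliases to
IF_B_GW="${IF_B_GW:-198.51.100.1}"       # provider B next hop
NET1="10.0.1.0/24"                       # leaves via B, as in the message
NET2="10.0.2.0/24"                       # leaves via A
# Dry run by default: the commands are printed, not executed.
# Set IPFW=ipfw NATD=natd (as root) to load them for real.
IPFW="${IPFW:-echo ipfw}"
NATD="${NATD:-echo natd}"

ruleset() {
    $IPFW -f flush
    # traffic between the two internal networks is never translated
    $IPFW add 50 allow ip from "$NET1" to "$NET2"
    $IPFW add 51 allow ip from "$NET2" to "$NET1"
    # net 1 <-> provider B through natd on the default divert port (8668).
    # "in via $INT_IF" limits the outbound divert to the packet's first
    # pass through the firewall so nothing is handed to natd twice.
    $IPFW add 100 divert natd ip from "$NET1" to any in via "$INT_IF"
    $IPFW add 101 divert natd ip from any to any in via "$IF_B"
    # net 2 <-> provider A through natd2 on divert port 8669
    $IPFW add 200 divert natd2 ip from "$NET2" to any in via "$INT_IF"
    $IPFW add 201 divert natd2 ip from any to any in via "$IF_A"
    # policy routing: after translation the source is the external address,
    # so these rules must be numbered above the divert rules to match at all
    $IPFW add 1000 fwd "$IF_B_GW" ip from "$IF_B_ADDR" to any
    $IPFW add 2000 fwd "$IF_A_GW" ip from "$IF_A_ADDR" to any
    # open for testing only; replace with a real policy once both paths work
    $IPFW add 3000 allow ip from any to any
}

start_natd() {
    # one natd per provider, each aliasing to its own interface address;
    # port 8669 must be declared as natd2 in /etc/services for rules 200/201
    $NATD -p 8668 -a "$IF_B_ADDR"
    $NATD -p 8669 -a "$IF_A_ADDR"
}

services_has_natd2() {
    # exit 0 if the services file ($1, default /etc/services) maps natd2
    grep -q '^natd2[[:space:]][[:space:]]*8669/divert' "${1:-/etc/services}"
}

fwd_after_divert() {
    # exit 0 if every fwd rule is numbered above every divert rule
    # (meaningful in dry-run mode, where ruleset prints the commands)
    rules=$(ruleset)
    last_divert=$(printf '%s\n' "$rules" | awk '/ divert /{n=$3} END{print n+0}')
    first_fwd=$(printf '%s\n' "$rules" | awk '/ fwd /{print $3; exit}')
    [ -n "$first_fwd" ] && [ "$last_divert" -lt "$first_fwd" ]
}

# Usage: sh multinat.sh                      (prints the plan)
#        IPFW=ipfw NATD=natd sh multinat.sh  (loads it, as root)
ruleset
start_natd
```

On FreeBSD of that era the fwd action also needs a kernel built with options IPFIREWALL_FORWARD and net.inet.ip.forwarding set to 1, neither of which the script checks; and rule 3000 is the same test-only catch-all as in the message, to be replaced by a real policy once both paths work.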