Date:      Fri,  6 Feb 2004 10:33:22 -0600
From:      Edwin Culp <eculp@viviendaatualcance.com.mx>
To:        chris scott <chris.scott@uk.tiscali.com>
Cc:        net@freebsd.org
Subject:   Re: 2 isp's, one LAN and need to divide traffic.
Message-ID:  <20040206103322.0okcw8sg8k8s80gw@mail.viviendaatualcance.com.mx>
In-Reply-To: <02ac01c3ecb1$7945a600$86102c0a@viper>
References:  <20040205094541.U43880-100000@ren.sasknow.com> <20040205115651.wgw88sgcgwg4osg4@mail.viviendaatualcance.com.mx> <02ac01c3ecb1$7945a600$86102c0a@viper>

Quoting chris scott <chris.scott@uk.tiscali.com>:

> Should be easy enough to do. You will probably need to have two instances of
> natd running, one for each interface, e.g.
>
> /sbin/natd -a x -p 8868
> /sbin/natd -a y -p 8869

That is another option that I should try, and probably why the divert and
forward rules that I tried without two processes didn't work.  A question on
rule 3 below: shouldn't tun0 be interface y from above?

Thanks so much for your help.  One thing for sure: I've read more about natd and
natd.conf than I ever expected and, thanks to you folks, I'm starting to see the
light at the end of the tunnel.

Have a great weekend.

ed

>
> where x and y are the IPs of the interfaces you are using, you could
> probably use the -n option and -dynamic options if you are on a static
> setup.
>
> Note it will be important which interface your default route will point to.
> I'm assuming it's tun0, so am configuring ipfw to deal with outgoing traffic
> on that interface; something like this should do:
>
> ipfw add 1 divert 8868 tcp from any to any 25 out via tun0
> ipfw add 2 divert 8868 udp from any to any 53 out via tun0
> ipfw add 3 divert 8869 all from any to any via tun0
>
> These rules should redirect outgoing mail and DNS requests to a different
> instance of natd than is used for all other traffic;
> this will be bound to tun1.
>
> There is also another potential way of doing it as well. If you have a list
> of all the DNS and email servers your clients use, you could add some static
> routes for those hosts/subnets to force all traffic for them to use a
> specific interface. This would be kludgy though, as all traffic for those
> hosts would be forced that way, not just email and DNS.
>
>
> Chris
>
>
> ----- Original Message -----
> From: "Edwin Culp" <eculp@viviendaatualcance.com.mx>
> To: "Ryan Thompson" <ryan@sasknow.com>
> Cc: <net@freebsd.org>
> Sent: Thursday, February 05, 2004 5:56 PM
> Subject: Re: 2 isp's, one LAN and need to divide traffic.
>
>
>> Quoting Ryan Thompson <ryan@sasknow.com>:
>>
>> > Edwin Culp wrote to net@freebsd.org:
>> >
>> >> Is there a, hopefully simple, way to divide bidirectional traffic
>> >> (LAN/INTERNET) between 2 internet connections more or less as the
>> >> diagram below.  I've just added a DSL connection with a lot more
>> >> bandwidth than my ds0. I want to use the ds0 exclusively for email and
>> >> DNS that I consider, in my case, to be lower priority and the DSL for
>> >> all other traffic?
>> >
>> > Sure. Unless I'm misunderstanding what you're asking for... just bind
>> > your email and DNS server to one or two of the ds0 IPs. Don't listen for
>> > those services on the Provider2 IP. Then bind your other services to the
>> > Provider2 IP.
>> >
>> > If you're directing this all to an RFC1918 internal network (i.e., the
>> > server(s) do not have public IPs), you're probably already using NAT,
>> > and can make use of static NAT and the -redirect_port feature.
>>
>> Ryan
>>
>> That is exactly what I want to do.  I've seen that in the NAT docs but was
>> unsure how and if it would work in my case.  I've never used NAT in anything
>> but the default firewall configuration.  I'm going to do some reading and
>> testing.
>>
>> Thanks so much,
>>
>> ed
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>>
>
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040206103322.0okcw8sg8k8s80gw>
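
The three ipfw rules quoted in this message, evaluated first-match over constructed packets, as an added example that is not part of the thread. It accepts only the rule form used above and models only the first divert decision; what natd does with the packet afterwards is not modelled, and the `Rule`, `parse_rules`, `first_divert` and `classify_samples` names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# The three rules as quoted in the thread (spacing normalised).
RULES = """\
ipfw add 1 divert 8868 tcp from any to any 25 out via tun0
ipfw add 2 divert 8868 udp from any to any 53 out via tun0
ipfw add 3 divert 8869 all from any to any via tun0
"""

class Rule(NamedTuple):
    num: int
    port: int                 # divert port a natd instance listens on (-p)
    proto: str                # tcp, udp or all
    dport: Optional[int]      # None = any destination port
    direction: Optional[str]  # "in", "out" or None = both directions
    iface: str

# Subset of ipfw syntax: only the "from any to any" form used in the thread.
RULE_RE = re.compile(
    r"ipfw\s+add\s+(\d+)\s+divert\s+(\d+)\s+(tcp|udp|all)\s+from\s+any\s+to\s+any"
    r"(?:\s+(\d+))?(?:\s+(in|out))?\s+via\s+(\S+)$")

def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        num, port, proto, dport, direction, iface = m.groups()
        rules.append(Rule(int(num), int(port), proto,
                          int(dport) if dport else None, direction, iface))
    return sorted(rules, key=lambda r: r.num)  # ipfw checks rules in number order

def first_divert(rules, proto, dport, direction, iface):
    """Return (rule number, divert port) of the first matching rule, or None."""
    for r in rules:
        if (r.iface == iface and r.proto in ("all", proto)
                and r.dport in (None, dport)
                and r.direction in (None, direction)):
            return r.num, r.port
    return None

# Constructed sample packets: (label, proto, destination port, direction, interface).
SAMPLES = [
    ("smtp out", "tcp", 25, "out", "tun0"),
    ("dns/udp out", "udp", 53, "out", "tun0"),
    ("dns/tcp out", "tcp", 53, "out", "tun0"),       # rule 2 is udp only
    ("smtp reply in", "tcp", 40000, "in", "tun0"),   # rules 1-2 are "out" only
    ("smtp out tun1", "tcp", 25, "out", "tun1"),     # no rule names tun1
]

def classify_samples(rules_text=RULES):
    rules = parse_rules(rules_text)
    return {label: first_divert(rules, *pkt) for label, *pkt in SAMPLES}
```

Calling `classify_samples()` returns a dict mapping each sample label to the rule number and divert port that first matches it, or `None` when no rule matches.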