Date:      Tue, 3 Apr 2001 21:48:34 -0500
From:      Michael Owens <owensmk@earthlink.net>
To:        Nick Rogness <nick@rogness.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Multiple Default Gateways using DIVERT
Message-ID:  <01040321483401.00504@mike>
In-Reply-To: <Pine.BSF.4.21.0104031740120.2975-100000@cody.jharris.com>
References:  <Pine.BSF.4.21.0104031740120.2975-100000@cody.jharris.com>

Thanks. While I am somewhat familiar with IPF, I am in the woods with IPFW. I 
did read something on the IPF site today that is new since I used it 
last---the "to" feature, which is supposed to be similar to fastroute. While 
it seems to suggest that this is an equivalent way to do this, I am not sure 
what the effects would be like with NAT, or how it should be done.

The only additional question I have with the method you proposed is can it be 
done with routers on the same subnet (you only have two cards ed0 and de0, 
one for each side, and the outside, de0, has two routers sitting on it) so 
you need a way to say "route to de0:2.2.2.1" for this range and "route to 
de0:2.2.2.2" for that range. Perhaps I am making it harder than it is. But I 
only have two NICs, and the routers sit on 2.2.2.0/27.


On Tuesday 03 April 2001 17:59, Nick Rogness wrote:
> On Tue, 3 Apr 2001, Michael Owens wrote:
> > My company has a single DSL line through which I have set up internet
> > access via NAT using IPF.
> >
> > We are getting a second DSL line, and I was wondering what the best way,
> > if any, would be to use NAT and different default gateways so as to
> > divide up the groups by source address across them. I would like
> > 10.10.10.1-128 to go through gateway 1 (say 2.2.2.1) and 10.10.10.129-254
> > through gateway 2 (say 2.2.2.2). I have searched the mail archives and
> > seen various suggestions, but none seemed to address this specifically.
>
> 	Yes, it can be done.  Here is an example ipfw ruleset.  I am
> 	assuming a couple of things, which I will describe after the
> 	ruleset:
>
>     # Trigger a redirect from packets from 10.0.0.128/25 to default route
>     add 200 fwd 2.2.2.2 ip from 10.0.0.128/25 to any out recv ed0 xmit de0
>
>     # Handle nat translations for normal traffic default route
>     add 300 divert natd ip from any to any via de0
>
>     # Handle natd translations for 10.0.0.128/25 to secondary router
>     add 400 divert natd1 ip from any to any via de1
>
> 	I'm assuming your default gateway 2.2.2.1 is connected via de0 and
> 	your internal network interface is ed0.  de1 is the interface
> 	connected to the 2.2.2.2 gateway.
>
> > I know this can't be done with IPF, so I am asking if this is
> > something that could be done with IPFW. From what I can tell, it might
> > using divert, but I am not all that clear on divert's use in varying
> > gateways.
>
> 	You will need to run 2 different natd's.  Each with their own
> 	setups for their appropriate interfaces, address statements, etc.
> 	You will also need to compile your kernel with
> 	'options IPFIREWALL_FORWARD'
>
> Nick Rogness <nick@rogness.net>
>  - Keep on Routing in a Free World...
>  "FreeBSD: The Power to Serve!"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
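
An added example, not part of either poster's message: the split asked for in the original question (10.10.10.1-128 and 10.10.10.129-254) is not prefix-aligned, while an ipfw `fwd` rule matches on a prefix such as a /25. The sketch below uses the 10.10.10.0 network from the question (the quoted ruleset writes the prefix as 10.0.0.128/25), assumes a single `fwd` rule with everything else following the default route, and lists the prefixes each requested range would need plus the hosts a single /25 rule would route differently.

```python
import ipaddress

# Requested split from the original question (inclusive host ranges).
REQUESTED = {
    "2.2.2.1": ("10.10.10.1", "10.10.10.128"),
    "2.2.2.2": ("10.10.10.129", "10.10.10.254"),
}

def cidrs_for_range(first, last):
    """Smallest list of prefixes that covers exactly first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def gateway_by_prefix(src, fwd_prefix="10.10.10.128/25",
                      fwd_gw="2.2.2.2", default_gw="2.2.2.1"):
    """Gateway chosen when one fwd rule matches fwd_prefix (assumed here)
    and all other sources follow the default route."""
    if ipaddress.ip_address(src) in ipaddress.ip_network(fwd_prefix):
        return fwd_gw
    return default_gw

def gateway_requested(src):
    """Gateway the question asked for, or None if src is outside both ranges."""
    addr = ipaddress.ip_address(src)
    for gw, (first, last) in REQUESTED.items():
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return gw
    return None

def mismatches(network="10.10.10.0/24"):
    """Hosts a single /25 rule sends to a different gateway than requested."""
    out = []
    for host in ipaddress.ip_network(network).hosts():
        want = gateway_requested(str(host))
        if want is not None and want != gateway_by_prefix(str(host)):
            out.append(str(host))
    return out

if __name__ == "__main__":
    for gw, (first, last) in REQUESTED.items():
        print(gw, [str(n) for n in cidrs_for_range(first, last)])
    print("routed differently by a /25 rule:", mismatches())
```

Matching the requested ranges exactly takes several prefixes per gateway, so a ruleset either carries one rule per prefix or accepts the /25 boundary and moves the one affected host.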



