From: "Gorm J. Siiger"
Date: Tue, 11 Nov 2003 10:36:09 +0100
To: freebsd-ipfw@freebsd.org
Subject: ipfw FWD, NAT and routing
Message-ID: <20031111093609.GI94551@SonnIT.DK>

Hi

I'm experimenting with a dual ISP setup using NAT, as each ISP has provided me with a subnet of official IP addresses.

Network setup:

--------          --------
| ISP1 |          | ISP2 |
--------          --------
    |                 |
    |    --------     |
    -----|  FW  |-----
         --------
             |
             |
         --------
         |Server|
         --------

ISP1 LAN   : 20.0.0.0/29
ISP2 LAN   : 21.0.0.0/29
Server LAN : 10.0.0.0/24

Server IP on ISP1: 20.0.0.2    Server IP on LAN: 10.0.0.2
Server IP on ISP2: 21.0.0.2    Server IP on LAN: 10.0.0.3

The default gateway for the FW box is ISP1.

I can connect to the whole world via ISP1 from the server with source IP 10.0.0.2, but when I try to connect to a host via ISP2 from source 10.0.0.3, the TCP connection is very slow and there are a lot of retransmissions.

If I change the FW's default gateway to ISP2, it works like a charm.

Any suggestions on how to fix this problem?

/usr/local/etc/natd.conf:

use_sockets
unregistered_only yes
alias_address 20.0.0.6
redirect_address 10.0.0.2 20.0.0.2
redirect_address 10.0.0.3 21.0.0.2

/etc/rc.firewall:

${fwcmd} add 400 divert natd all from any to any via ${isp0if}
${fwcmd} add 405 divert natd all from any to any via ${isp1if}
${fwcmd} add 505 fwd 21.0.0.0 ip from 21.0.0.0/29 to any

-- 
Gorm J. Siiger - SonnIT