Date: Wed, 25 Oct 2000 20:58:00 -0600 (MDT)
From: Nick Rogness <nick@rapidnet.com>
To: John Prince <johnp@vwebpage.com>
Cc: freebsd-isp@freebsd.org, freebsd-net@freebsd.org
Subject: Re: Multipath natd
Message-ID: <Pine.BSF.4.21.0010252034110.69292-100000@rapidnet.com>
In-Reply-To: <4.3.2.7.2.20001025191653.021c25d8@mail.vwebpage.com>

On Wed, 25 Oct 2000, John Prince wrote:

> Hello..
> Is it possible (I have been trying)....
> I have noticed other requests, however there does not seem to be any answers..
>
> I have a firewall setup, IPFW and Natd, with 2 external interfaces, and a
> single internal.
> Each external interface is connected to a provider.
> Setup is as follows..
>      External                          Internal.
>  bbb.bbb.bbb.bbb ---------------
>                                 |--------------- ccc.ccc.ccc.ccc
>  aaa.aaa.aaa.aaa ---------------
> The internal network consists of 2 nets, 10.0.1.0 and 10.0.2.0
> What I want to do is route any traffic from the 10.0.1.0 network to the
> (bbb) external
> interface, and traffic from the 10.0.2.0 to the (aaa) interface..
> Ipfw and Natd appear to function, as long as I specify a default route..
> I would like to do this all on a single machine, if possible..
> Any help would be greatly appreciated..

	It's possible.  Run 2 different natd's.  Set up ipfw like so:

	#Don't divert local traffic
	ipfw add 50 allow ip from 10.0.1.0/24 to 10.0.2.0/24
	ipfw add 51 allow ip from 10.0.2.0/24 to 10.0.1.0/24

	#Divert traffic from 1.0/24 out and in interface B
	ipfw add 100 divert natd ip from 10.0.1.0/24 to any
	ipfw add 101 divert natd ip from any to any in via $INTERFACE_B

	#Divert traffic from 2.0/24 network in and out int a
	ipfw add 200 divert natd2 ip from 10.0.2.0/24 to any
	ipfw add 201 divert natd2 ip from any to any in via $INTERFACE_A

	#Add routing for these natd'd addresses
	ipfw add 1000 fwd $INTERFACE_B_NEXT_HOP ip from \
		$INTERFACE_B_ADDRESS to any
	ipfw add 2000 fwd $INTERFACE_A_NEXT_HOP ip from \
		$INTERFACE_A_ADDRESS to any

	#Leave on for testing until it works
	ipfw add 3000 allow ip from any to any

	Then after you do that, set up the 2 different natd's to listen
	on different ports (default 8668) and add another entry in
	/etc/services:

	natd2     8669/divert  # Network Address Translation

	Then run the nat's separately:

	root# natd -p 8668 -a $INTERFACE_B_ADDRESS
	root# natd -p 8669 -a $INTERFACE_A_ADDRESS

Nick Rogness -
Drive defensively. Buy a tank.
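
The layout described in the reply above, as an added example that is not part of the original message: a script that prints the same ipfw rules and natd commands for one to seven uplinks and refuses specs in which two natd instances would share a net, interface or alias address. The spec format, the interface names fxp1/fxp2, the addresses and the use of numeric divert ports in place of the /etc/services names are assumptions of this example.

```sh
# Prints (never applies) the ipfw rules and natd commands for 1 to 7 uplinks.
# Spec line format (hypothetical, single spaces): net ext_if alias_addr next_hop
# Interface names and addresses below are constructed sample values.
UPLINKS="10.0.1.0/24 fxp1 192.0.2.10 192.0.2.1
10.0.2.0/24 fxp2 198.51.100.10 198.51.100.1"
BASE_PORT=8668   # first divert port, as in the message

# Refuse specs where two natd instances would share a net, interface or alias.
check_specs() {
    count=$(printf '%s\n' "$1" | grep -c .)
    [ "$count" -ge 1 ] && [ "$count" -le 7 ] || return 1
    for field in 1 2 3; do
        dups=$(printf '%s\n' "$1" | cut -d' ' -f"$field" | sort | uniq -d)
        [ -z "$dups" ] || return 1
    done
    printf '%s\n' "$1" | while read -r a b c d e; do
        [ -n "$d" ] && [ -z "$e" ] || exit 1   # exactly four fields
    done
}

gen_rules() {
    check_specs "$1" || { echo "bad uplink spec" >&2; return 1; }
    nets=$(printf '%s\n' "$1" | cut -d' ' -f1)
    num=50   # internal nets reach each other without passing through natd
    for src in $nets; do
        for dst in $nets; do
            [ "$src" = "$dst" ] && continue
            echo "ipfw add $num allow ip from $src to $dst"
            num=$((num + 1))
        done
    done
    i=1      # uplink i: divert rules i*100 and i*100+1, fwd rule i*1000
    printf '%s\n' "$1" | while read -r net ifc addr hop; do
        echo "ipfw add $((i * 100)) divert $((BASE_PORT + i - 1)) ip from $net to any"
        echo "ipfw add $((i * 100 + 1)) divert $((BASE_PORT + i - 1)) ip from any to any in via $ifc"
        echo "ipfw add $((i * 1000)) fwd $hop ip from $addr to any"
        i=$((i + 1))
    done
    # Catch-all from the message: for testing only, it permits everything.
    echo "ipfw add $(( (count + 1) * 1000 )) allow ip from any to any"
}

# One natd per uplink, each bound to its own divert port and alias address.
gen_natd() {
    printf '%s\n' "$1" | awk -v p="$BASE_PORT" '{ print "natd -p " (p + NR - 1) " -a " $3 }'
}

gen_rules "$UPLINKS" && gen_natd "$UPLINKS"
```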