Date:      Sat, 6 Sep 2003 00:10:36 -0700
From:      -kevin- <kathey@pobox.com>
To:        freebsd-questions@freebsd.org
Subject:   triple NIC route challenge
Message-ID:  <20030906071036.GE24191@salinger.birdbrain.net>

(Please respond directly, as I am not on this list.)

I have 3 NICs in a single machine.  Shaped something like
this:

            |-------------------|
ISP1 -------|DHCP               |
            |                   |------ Internal Network
ISP2 -------|PPPoE              |
            |-------------------|

ISP2 is the new thing.  Currently, all my traffic goes out
to ISP1 thanks to the same old ipnat rule.

If I set up a route for a range of addresses, they will take
ISP2 out and be very happy.

The problem is inbound.  When I ping via ISP1 it works
beautifully.   But when I ping via ISP2, I don't get a
response.  I believe the echorep packet is lost because it
is being routed according to the existing rules which don't
give the machine a clue about ISP2.  If I add a route to the
pinging host which uses ISP2, then the pinging starts
working there, but you guessed it, the ping via ISP1 stops
working.

    - How can I have the outbound route set up based upon the
      inbound request?
    - Furthermore, how can I have that new route only affect
      that connection?



Bonus Question:
    - How do I configure ipnat such that outbound traffic
      from my Internal Network is split between the two
      external interfaces?

Yes, I know I can route it based on the origin machine on
the Internal Network, and I know that I can set up the rules
such that all traffic goes to a single external interface
and when that interface is down, it will fail over to the
secondary.  What I want is outbound load balancing with
failover capability.


My "ifconfig -a":
    rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 12.235.49.181 netmask 0xffffff80 broadcast 255.255.255.255
            ether 00:01:0a:10:8c:74
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 192.168.177.1 netmask 0xffffff00 broadcast 192.168.177.255
            ether 00:80:c6:f9:2a:d0
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            ether 00:40:05:83:11:75
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet 127.0.0.1 netmask 0xff000000 
    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
            inet 68.122.3.211 --> 10.1.1.1 netmask 0xffffff00 
            Opened by PID 1213

My "ipnat.rules":
    map rl0 192.168.177.0/24 -> 0/32



-- 
-*           -kevin-            *-
-* sick with the good infection *-
-*       kathey@pobox.com       *-
-* http://www.pobox.com/~kathey *-
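
The behaviour described in the message, modelled as an added example that is not part of the original post: destination-only route lookup sends every echo reply out one interface, a host route merely moves the breakage, and only a choice keyed on the reply's source address keeps both paths symmetric. The remote host 203.0.113.7, the function names and the policy table are assumptions for illustration; this is a model of the lookup logic, not ipf or ipnat syntax.

```python
import ipaddress

# Interface addresses taken from the "ifconfig -a" output in the post.
ISP1_ADDR = ipaddress.ip_address("12.235.49.181")  # rl0 (DHCP)
ISP2_ADDR = ipaddress.ip_address("68.122.3.211")   # tun0 (PPPoE)
PINGER = ipaddress.ip_address("203.0.113.7")       # constructed remote host
OWNER = {ISP1_ADDR: "rl0", ISP2_ADDR: "tun0"}

# Destination-only table as the post describes it: default route via ISP1.
BASE_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "rl0"),
    (ipaddress.ip_network("192.168.177.0/24"), "dc0"),
    (ipaddress.ip_network("10.1.1.1/32"), "tun0"),
]

def lookup(routes, dst):
    """Longest-prefix match on the destination address only."""
    matches = [(net, ifc) for net, ifc in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_egress(routes, local_addr, remote, policy=None):
    """Interface an echo reply from local_addr to remote leaves on.
    policy (hypothetical) maps a local source address to a forced egress."""
    if policy and local_addr in policy:
        return policy[local_addr]
    return lookup(routes, remote)

def scenarios():
    """Egress and symmetry of the reply for a ping received on each uplink."""
    host_route = BASE_ROUTES + [(ipaddress.ip_network(f"{PINGER}/32"), "tun0")]
    cases = [
        ("default only", BASE_ROUTES, None),
        ("host route via ISP2", host_route, None),
        ("source policy", BASE_ROUTES, {ISP2_ADDR: "tun0"}),
    ]
    result = {}
    for name, routes, policy in cases:
        for label, addr in (("ISP1", ISP1_ADDR), ("ISP2", ISP2_ADDR)):
            egress = reply_egress(routes, addr, PINGER, policy)
            # Symmetric means the reply leaves on the interface owning addr.
            result[(name, label)] = (egress, egress == OWNER[addr])
    return result

if __name__ == "__main__":
    for key, value in scenarios().items():
        print(key, value)
```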


