Date:      Tue, 9 Mar 2004 09:15:13 -0800 (PST)
From:      asd ads <jason_highland@yahoo.com>
To:        Tony Frank <tfrank@optushome.com.au>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Multiple natd and inbound web traffic
Message-ID:  <20040309171513.96071.qmail@web41305.mail.yahoo.com>
In-Reply-To: <20040309112748.GB8528@marvin.home.local>

Hey Tony

Thanks for the help. I seem to be having the same
problem. Here's the ruleset

5 divert 8668 ip from any to any via fxp0
5 divert 8669 ip from any to any via fxp1
6 fwd xx.xx.12.1 ip from xx.xx.12.2 to any
7 fwd yy.yy.34.1 ip from yy.yy.34.2 to any
10 allow all from any to any

/sbin/natd -p 8668 -interface fxp0 -redirect_port tcp 192.168.200.10:80 xx.xx.12.2:80

/sbin/natd -p 8669 -interface fxp1 -redirect_port tcp 192.168.200.10:80 yy.yy.34.2:80

First connection works fine.  When I try the second
one I run tcpdump and see the connection come in thru
yy.yy.34.2 (cable) but exits out xx.xx.12.1 due to the
default route.

Any ideas?

Jason

--- Tony Frank <tfrank@optushome.com.au> wrote:
> Hi there,
> 
> On Mon, Mar 08, 2004 at 11:14:17PM -0800, asd ads wrote:
> > I have the following setup below.  A FreeBSD 4.9
> > machine with 3 nics fxp0, fxp1 and ed0. Fxp0 is
> > connected to my DSL connection, fxp1 is connected to
> > my Cable connection and ed0 is my internal network.
> > 
> > 
> > xx.xx.12.1     yy.yy.34.1
> > ---------        ------
> > |  DSL  |        |Cable|
> > ---------        ------
> >    |               |
> >     \             /
> >      \           / 
> >       \         /
> >        \       /
> >         \     / 
> >     fxp0 |    | fxp1
> >    .12.2 |    |.34.2
> >          |    |
> >     -----------------
> >     |      FW       |
> >     | Default route |
> >     |  xx.xx.12.1   |
> >     |               |
> >     -----------------
> >             |
> >             |ed0
> >             |192.168.200.1
> >             |
> >             |
> >           -----
> >           |   |
> >           |   | Web Server
> >           |   | 192.168.200.10:80
> >           |   |
> >           -----
> > 
> > What I'm trying to do:
> > 
> > Need to have inbound web traffic (from both
> > connections) forward to the same internal web server.
> > 
> > Problem:
> > 
> > When a web connection is made to xx.xx.12.2:80 (DSL),
> > it's NATed to 192.168.200.10:80 (websrv) and then back
> > to the client (all is well at this point).
> >
> > The problem occurs when a connection is made to
> > yy.yy.34.2:80 (cable), it's NATed with the second
> > instance of nat to 192.168.200.10:80 (websrv) but when
> > it tries to respond back to the client the default
> > route forces it back thru the first connection.
> > 
> > Does anyone have a good example of a fwd & divert
> > rules that would help with this issue?
> 
> Since you seem to have the nat going ok, you might just
> want to try something like this:
> 
> <natd etc>
> 02100 fwd xx.xx.12.1 ip from xx.xx.12.2 to any
> 02200 fwd yy.yy.34.1 ip from yy.yy.34.2 to any
> 
> Similar kind of thing works for my environment, though
> I am not doing exactly the same thing.
> 
> Regards,
> 
> Tony
> 

