[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-isp
Subject:    Re: Multipath natd
From:       Nick Rogness <nick () rapidnet ! com>
Date:       2000-10-26 2:58:00
[Download RAW message or body]

On Wed, 25 Oct 2000, John Prince wrote:

> Hello..
> Is it possible (I have been trying)....
> I have noticed other requests, however there does not seem to be any answers..
> 
> I have a firewall setup, IPFW and Natd, with 2 external interfaces, and a 
> single internal.
> Each external interface is connected to a provider.
> Setup is as follows..
> External Internal.
> bbb.bbb.bbb.bbb ---------------
> |--------------- ccc.ccc.ccc.ccc
> aaa.aaa.aaa.aaa ---------------
> The internal network consists of 2 nets, 10.0.1.0 and 10.0.2.0
> What I want to do is route any traffic from the 10.0.1.0 network to the 
> (bbb) external
> interface, and traffic from the 10.0.2.0 to the the (aaa) interface..
> Ipfw and Natd appear to function, as long as I specify a default route..
> I would like to do this all on a single machine, if possible..
> Any help would be greatly appreciated..

	It's possible.  Run 2 differnet natd's.  Setup ipfw like so:

	#Don;t Divert local traffic
	ipfw add 50 allow ip from 10.0.1.0/24 to 10.0.2.0/24
	ipfw add 51 allow ip from 10.0.2.0/24 to 10.0.1.0/24

	#Dvert traffic from 1.0/24 out and in interface B
	ipfw add 100 divert natd ip from 10.0.1.0/24 to any
	ipfw add 101 divert natd ip from any to any in via $INTERFACE_B

	#Divert traffic from 2.0/24 network in and out int a
	ipfw add 200 divert natd2 ip from 10.0.2.0/24 to any
	ipfw add 201 divert natd2 ip from any to any in via $INTERFACE_A


	#Add routing for these natd'd addresses
	ipfw add 1000 fwd $INTERFACE_B_NEXT_HOP ip from \
	$INTERFACE_B_ADDRESS to any

	ipfw add 2000 fwd $INTERFACE_A_NEXT_HOP ip from \
	$INTERFACE_A_ADDRESS to any

	#Leave on for testing until it works
	ipfw add 3000 allow ip from any to any

	Then after you do that setup the 2 different natd's to listen on
	different ports (default 8668) and another entry int
	/etc/services:

		natd2           8669/divert # Network Address Translation

	Then run the nat's seperately:

		root# natd -p 8668 -a $INTERFACE_B_ADDRESS
		root# natd -p 8669 -a $INTERFACE_A_ADDRESS



Nick Rogness
- Drive defensively.  Buy a tank.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

[prev in list] [next in list] [prev in thread] [next in thread]