Re: 2 isp's, one LAN and need to divide traffic.

From: Edwin Culp (eculp_at_viviendaatualcance.com.mx)
Date: 02/06/04

    Date: Fri,  6 Feb 2004 10:33:22 -0600
    To: chris scott <chris.scott@uk.tiscali.com>
    
    

    Quoting chris scott <chris.scott@uk.tiscali.com>:

    > should be easy enough to do. You will probably need to have two instances of
    > natd running, one for each interface. e.g.
    >
    > /sbin/natd -a x -p 8868
    > /sbin/natd -a y -p 8869

    That is another option that I should try, and probably why the divert and
    forward rules that I tried without two processes didn't work. A question on rule 3
    below: shouldn't tun0 be interface y from above?

    Thanks so much for your help. One thing for sure I've read more about natd and
    natd.conf than I ever expected and thanks to you folks, I'm starting to see the
    light at the end of the tunnel.

    Have a great weekend.

    ed

    >
    > where x and y are the ips of the interfaces you are using, you could
    > probably use the -n option and -dynamic options if you are on a static
    > setup.
    >
    > Note it will be important which interface your default route will point to.
    > I'm assuming it's tun0, so am configuring ipfw to deal with outgoing traffic
    > on that interface; something like this should do
    >
    > ipfw add 1 divert 8868 tcp from any to any 25 out via tun0
    > ipfw add 2 divert 8868 udp from any to any 53 out via tun0
    > ipfw add 3 divert 8869 all from any to any via tun0
    >
    > these rules should redirect outgoing mail and dns requests to a different
    > instance of natd than is used for all other traffic
    > this will be bound to tun1
    >
    > There is also another potential way of doing it as well. If you have a list
    > of all the dns and email servers your clients use you could add some static
    > routes for those hosts/subnets to force all traffic for them to use a
    > specific interface. This would be kludgy though, as all traffic for those
    > hosts would be forced that way, not just email and DNS
    >
    >
    > Chris
    >
    >
    > ----- Original Message -----
    > From: "Edwin Culp" <eculp@viviendaatualcance.com.mx>
    > To: "Ryan Thompson" <ryan@sasknow.com>
    > Cc: <net@freebsd.org>
    > Sent: Thursday, February 05, 2004 5:56 PM
    > Subject: Re: 2 isp's, one LAN and need to divide traffic.
    >
    >
    >> Quoting Ryan Thompson <ryan@sasknow.com>:
    >>
    >> > Edwin Culp wrote to net@freebsd.org:
    >> >
    >> >> Is there a, hopefully simple, way to divide bidirectional traffic
    >> (LAN/INTERNET) between 2 internet connections more or less as the
    >> >> diagram below. I've just added a DSL connection with a lot more
    >> >> bandwidth than my ds0. I want to use the ds0 exclusively for email and
    >> >> DNS that I consider, in my case, to be lower priority and the DSL for
    >> >> all other traffic?
    >> >
    >> > Sure. Unless I'm misunderstanding what you're asking for... just bind
    >> > your email and DNS server to one or two of the ds0 IPs. Don't listen for
    >> > those services on the Provider2 IP. Then bind your other services to the
    >> > Provider2 IP.
    >> >
    >> > If you're directing this all to an RFC1918 internal network (i.e., the
    >> > server(s) do not have public IPs), you're probably already using NAT,
    >> > and can make use of static NAT and the -redirect_port feature.
    >>
    >> Ryan
    >>
    >> That is exactly what I want to do. I've seen that in the NAT docs but was
    >> unsure how and if it would work in my case. I've never used NAT in
    > anything
    >> but the default firewall configuration. I'm going to do some reading and
    >> testing.
    >>
    >> Thanks so much,
    >>
    >> ed
    >> _______________________________________________
    >> freebsd-net@freebsd.org mailing list
    >> http://lists.freebsd.org/mailman/listinfo/freebsd-net
    >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
    >>
    >>
    >
    >

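As an added example (not code from the thread), a shell script that puts Chris's two-natd layout together and adds the piece the divert rules alone do not supply: ipfw fwd rules that actually route LAN mail and DNS out the ds0 link while the default route carries everything else over the DSL link. Interface names, addresses, gateways and the LAN prefix are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Interface names, addresses, the
# gateways and the LAN prefix are assumptions; substitute your own values.
LAN_IF=fxp0;   LAN_NET=192.168.1.0/24     # inside interface
DS0_IF=tun0;   DS0_GW=198.51.100.1        # slow link: mail and DNS only
DSL_IF=tun1;   DSL_GW=203.0.113.1         # default route: everything else
DS0_PORT=8868; DSL_PORT=8869              # one natd divert port per link
# One natd per external link. -n binds it to that interface's address;
# -deny_incoming drops packets to the link's address that no mapping explains.
natd_cmds() {
    echo "/sbin/natd -n $DS0_IF -p $DS0_PORT -deny_incoming"
    echo "/sbin/natd -n $DSL_IF -p $DSL_PORT -deny_incoming"
}
# Rules in ipfw "add" syntax. A divert rule does not choose a link: a packet
# only matches "via tun0" if routing already sent it there. The fwd rules
# (kernel built with IPFIREWALL_FORWARD) set the ds0 gateway while the packet
# is still inbound from the LAN, so mail and DNS leave via tun0 while the
# default route (route add default $DSL_GW) carries the rest via tun1.
ipfw_rules() {
    echo "add 100 fwd $DS0_GW tcp from $LAN_NET to any 25 in via $LAN_IF"
    echo "add 110 fwd $DS0_GW udp from $LAN_NET to any 53 in via $LAN_IF"
    echo "add 120 fwd $DS0_GW tcp from $LAN_NET to any 53 in via $LAN_IF"
    # Each link has its own natd, in both directions, so replies arriving on
    # a link are un-NATed by the instance that translated the request.
    echo "add 200 divert $DS0_PORT ip from any to any via $DS0_IF"
    echo "add 210 divert $DSL_PORT ip from any to any via $DSL_IF"
    # After natd the packet re-enters at the next rule: let LAN traffic and
    # translated outbound flows through, accept inbound only once it has been
    # un-NATed to a LAN host, and log-deny the rest (including the gateway's
    # own services; open those explicitly if needed).
    echo "add 300 allow ip from any to any via $LAN_IF"
    echo "add 310 allow ip from any to any out via $DS0_IF"
    echo "add 320 allow ip from any to any out via $DSL_IF"
    echo "add 330 allow ip from any to $LAN_NET in"
    echo "add 65000 deny log ip from any to any"
}
# Sanity check: every divert port in the rules must have a natd bound to it.
check_ports() {
    for p in $(ipfw_rules | awk '/ divert /{print $4}'); do
        natd_cmds | grep -q -- "-p $p" || return 1
    done
    return 0
}
if [ "${1:-}" = apply ]; then
    natd_cmds | sh && ipfw_rules | sed 's/^/ipfw /' | sh   # needs root on the gateway
else
    natd_cmds; ipfw_rules                                  # dry run: print only
fi
```

Run it without arguments to review the generated natd and ipfw commands; `apply` executes them on the gateway.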


