Re: Julian's networking challenge 2005

From: Milan Obuch (net_at_dino.sk)
Date: 06/28/05

    To: freebsd-net@freebsd.org
    Date: Tue, 28 Jun 2005 11:39:13 +0200
    
    

    On Tuesday 28 June 2005 09:46, Jeremie Le Hen wrote:
    > Hi Julian,
    >
    > > The challenge:
    > >
    > > figure out a way so that all the users on the network behind fxp0
    > > can use the internet using the T1 attached to the cisco off fxp1
    > > while all the advertised services (about 8 of them, few enough to
    > > list by hand in rules etc.) which are also behind fxp0 but accessed by
    > > NAT'd addresses from the addresses on fxp1's net are accessed solely via
    > > that T1.
    > >
    > > [...]
    > >
    > > I can get the 'forward' direction easily.. i.e. incoming packets.
    > >
    > > It's the reverse direction that doesn't work for me.
    > > I considered running 2 NATDs
    > > but I need to run ipfw to identify the reverse streams to force back via
    > > fxp2
    > > and the only way I can do that is by using the 'fwd' command.
    > > if I do that I can't divert them and if I divert them to natd first, I
    > > can't 'fwd' them afterwards as the NATing is already done for the other
    > > (wrong) interface.
    >
    > You definitely want a non-terminal "fwd" command.
    > Ari Suutari has just implemented the "setnexthop" action that does the
    > trick, I think the patch [1] is waiting to be committed in -CURRENT.
    > I don't think this would be really difficult to backport to RELENG_4.
    >

    I think this is a good solution for him. At least once I needed to solve
    something similar, no luck then...

    > Hope this helps.
    > Regards,
    >
    > [1] http://lists.freebsd.org/pipermail/freebsd-net/2005-June/007710.html
    >
    > PS: I'm seeing more and more requests about routing limitations in
    > FreeBSD everyday, such as lack of multiple routing tables support, lack
    > of source routing (as well as higher level protocol based routing).
    > Are there actually some projects that are being worked on to overcome
    > this ?

    I used Marko Zec's virtualization patch for multiple VPN management and
    monitoring and it worked great. It does exist for 4-RELEASE, however.
    I am not ready to do anything like this yet, but if someone would work on
    something similar for newer releases, I would be really willing to try it out
    and test. I need to solve some multiple VPN problem again and using a legacy
    release is the only option, but something newer would be really better.

    Regards,
    Milan