Re: Julian's networking challenge 2005

From: Andrew White (andywhite_at_gmail.com)
Date: 06/28/05

  • Next message: Chuck Swiger: "Re: Julian's networking challenge 2005"
    Date: Tue, 28 Jun 2005 17:15:44 +0100
    To: Julian Elischer <julian@elischer.org>
    
    

    I got FreeBSD to load balance two ISPs in version 4 a while ago, using
    an ipfw FWD rule. It had the same challenges that you are facing, so try
    this out. The routing is done on probability to cause load balancing,
    but you could do it on source IP:

    http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-August/000399.html

    I did modify the rulesets after that post, as there were some unneeded
    rules, but nothing major; the rules in the post work fine... I got a
    better CPU and the CPU issue went away...

    tks

    Andrew

    On 6/28/05, Julian Elischer <julian@elischer.org> wrote:
    >
    > So for reasons that I won't go into, I find myself renumbering an entire company.
    > However, I have a particular problem I can't figure out how to fix.
    >
    > I have a gateway/firewall machine running 4.x
    >
    > it has 3 interfaces
    >
    > fxp0 goes to the internal trusted network
    > fxp1 goes to the internet via a T1 via a cisco box,
    > but is shared with another section of the company.
    > The company web service is advertised as coming from an address
    > that is advertised as being on this T1. So are
    > other services.
    >
    > fxp2 also goes to the internet via a cisco box; however, nothing is using
    > it at the moment.
    >
    > The one shared T1 is being flooded out by users behind this machine
    > much to the annoyance of the users on the other part of the company.
    > This is supposed to be their T1.
    >
    > For reasons that are beyond the scope of this problem, the advertised
    > DNS addresses for the services advertised cannot just be switched
    > to be via the other T1.
    >
    > The network attached to fxp0 needs to be NAT'd to use the Internet
    > as it is using illegal numbers.
    >
    > The challenge:
    >
    > figure out a way so that all the users on the network behind fxp0
    > can use the internet using the T1 attached to the cisco off fxp1,
    > while all the advertised services (about 8 of them, few enough to
    > list by hand in rules etc.), which are also behind fxp0 but accessed by NAT'd
    > addresses from the addresses on fxp1's net, are accessed solely via that T1.
    >
    >
    >                   [ internet ]
    >                    |        |
    >                   T1        T1
    >                    |        |
    >                [cisco]   [cisco]--------[other part of company]
    >                    |        |
    >                 [fxp1]   [fxp2]
    >                 [  freebsd 4.x ]
    >                      [fxp0]
    >                        |
    >                        |
    >     -------------------illegal numbered net(s) (e.g. 192.168.x.x)-----
    >          |                 |                    |
    >     [server 1 ]       [server 2]         [lots of users]
    >
    > I can get the 'forward' direction easily, i.e. incoming packets.
    >
    > It's the reverse direction that doesn't work for me.
    > I considered running 2 NATDs,
    > but I need to run ipfw to identify the reverse streams to force back via fxp2,
    > and the only way I can do that is by using the 'fwd' command.
    > If I do that I can't divert them, and if I divert them to natd first, I can't
    > 'fwd' them afterwards as the NATing is already done for the other (wrong)
    > interface.
    >
    > I almost want to add a
    > route add FROM Server 1 via [fxp2 cisco] which I've seen people request
    > but until now I've never understood why..
    >
    >
    > for points:
    > it may be possible by making the bsd box actually 3 boxes
    > joined by a 10.x.x.x interface. Describe how..
    >
    > Your friend with less and less hair..
    >
    > julian
    >
    >
    > I sort of need a routing table based
    > _______________________________________________
    > freebsd-net@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-net
    > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
    >
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
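An added example of the two-natd, ipfw-fwd arrangement the thread is circling around, written for this page and not taken from Andrew's linked post or from either poster. Everything in it is assumed: the interface roles (fxp1 carries the default route and the public addresses of the advertised services, fxp2 is the second T1 with a Cisco at 198.51.100.1), the RFC 5737 documentation addresses, the natd divert ports 8668/8669 and the two example servers. The ordering is the point: the fwd decision is made on the pass where the packet enters from fxp0, while its source is still the private address, and the divert-to-natd rules are keyed on `out via <interface>` so NAT happens only after the next hop has been chosen; the return traffic is de-NATed by whichever natd owns the interface it arrived on (`in via`). By default the script only echoes the commands it would run (dry run); set `fwcmd=/sbin/ipfw` and `natd_cmd=/sbin/natd` to load it for real.

```shell
#!/bin/sh
# Two-ISP NAT with source-based policy routing on FreeBSD 4.x (ipfw + natd).
# Added example for this thread; NOT the ruleset from the linked post.
# Every address, interface role and natd port below is an ASSUMPTION:
#   fxp0  inside, 192.168.0.0/24 (private, must be NAT'd)
#   fxp1  T1 #1, public 192.0.2.2, default route; the advertised services
#         are reached through public addresses on this net (192.0.2.10-11)
#   fxp2  T1 #2, public 198.51.100.2, Cisco next hop 198.51.100.1
# Policy: the listed servers keep using fxp1 (default route); every other
# inside host is forced out fxp2.  Swap the variables to invert the roles.

inside_if=fxp0
inside_net=192.168.0.0/24
isp1_if=fxp1
isp2_if=fxp2
isp2_gw=198.51.100.1                  # assumed address of the second Cisco
servers="192.168.0.10 192.168.0.11"   # few enough to list by hand
natd1_port=8668                       # one natd per outside interface
natd2_port=8669

# Dry run by default; set fwcmd=/sbin/ipfw and natd_cmd=/sbin/natd to load.
fwcmd=${fwcmd:-echo ipfw}
natd_cmd=${natd_cmd:-echo natd}

start_natd() {
    # natd #1 owns fxp1's address and the static mappings for the services
    # (the public addresses must also be aliases on fxp1, or routed to it).
    ${natd_cmd} -n ${isp1_if} -p ${natd1_port} \
        -redirect_address 192.168.0.10 192.0.2.10 \
        -redirect_address 192.168.0.11 192.0.2.11
    # natd #2 only masquerades the users behind fxp2's own address.
    ${natd_cmd} -n ${isp2_if} -p ${natd2_port}
}

load_rules() {
    ${fwcmd} -f flush

    # 1. Inbound from either T1: undo NAT with the natd that owns the
    #    interface the packet came in on, before anything else sees it.
    ${fwcmd} add 100 divert ${natd1_port} ip from any to any in via ${isp1_if}
    ${fwcmd} add 110 divert ${natd2_port} ip from any to any in via ${isp2_if}

    # 2. Policy decision on the pass where the packet enters from fxp0,
    #    while the source is still the private address (no natd has
    #    touched it yet).  Servers jump past the fwd and follow the default
    #    route (fxp1); everyone else is handed to the second Cisco.
    #    ipfw in 4.x takes one address per rule, hence the loop.
    #    'fwd' needs a kernel built with options IPFIREWALL_FORWARD.
    for s in ${servers}; do
        ${fwcmd} add 200 skipto 300 ip from ${s} to any in via ${inside_if}
    done
    ${fwcmd} add 210 fwd ${isp2_gw} ip from ${inside_net} to any in via ${inside_if}

    # 3. Outbound: NAT on the interface the packet is actually leaving by.
    #    Replies come back on that same interface and hit rule 100/110.
    ${fwcmd} add 300 divert ${natd1_port} ip from ${inside_net} to any out via ${isp1_if}
    ${fwcmd} add 310 divert ${natd2_port} ip from ${inside_net} to any out via ${isp2_if}

    # Placeholder only: a real firewall denies inbound by default and opens
    # just the published services, and should drop inside-sourced packets
    # arriving on fxp1/fxp2 (spoofing) ahead of the divert rules.
    ${fwcmd} add 65000 pass ip from any to any
}

start_natd
load_rules
```

Walking a packet through: a user host's outbound packet is seen `in via fxp0`, misses the skipto rules, hits 210 and is forwarded to 198.51.100.1, so it leaves via fxp2 and is NATed by rule 310; the reply arrives `in via fxp2`, rule 110 de-NATs it and it is routed back to fxp0. A server's packet takes the skipto, follows the default route out fxp1 and is NATed by rule 300 (natd #1's `-redirect_address` keeps its public address fixed), and connections to the published addresses arrive `in via fxp1` and are undone by rule 100. Nothing on the outbound pass ever has to re-route an already-translated packet, which is the ordering problem described in the quoted mail.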

