source routing and dynamic @ip

From: Antoine Jacoutot (ajacoutot_at_lphp.org)
Date: 01/15/04

    To: freebsd-questions@freebsd.org
    Date: Thu, 15 Jan 2004 17:07:55 +0100
    
    

    Hi :)

    All right, so, I've been trying to build a routing setup for some weeks now,
    and after looking everywhere and asking for help, I still cannot find the
    answer.
    Here is what I want to do: source routing to 2 internet connections.
    Basically, I want net1 to go on the Internet using gateway connection1 and
    net2 to go on the internet using gateway connection2.
    You have to know that both internet connections have dynamic IPs and I need
    NAT on both.
    So far, these are my non-working config files (default gateway is
    ip1/connection1).
    em0 = inside interface
    tun0 = pppoe DSL connection1 (default route)
    tun1 = pppoe DSL connection2

    --> /etc/ipfw.conf

    #!/bin/sh
    fwcmd="/sbin/ipfw -q"
    ip1=`/sbin/ifconfig tun0 | /usr/bin/awk '/inet / { print $2 }'`
    ip2=`/sbin/ifconfig tun1 | /usr/bin/awk '/inet / { print $2 }'`
    lan1=192.168.0.0/24
    lan2=192.168.1.0/24
    ${fwcmd} -f flush
    ${fwcmd} add 100 fwd $ip2 all from $lan2 to any out recv em0 xmit tun0
    ${fwcmd} add 200 divert 8669 all from $lan2 to any via tun1
    ${fwcmd} add 300 divert 8668 all from any to any via tun0
    ${fwcmd} add 400 allow all from any to any

    --> /etc/natd_tun0.conf

    interface tun0
    port 8668
    log_denied yes
    log_facility security
    use_sockets yes
    same_ports yes
    unregistered_only yes
    punch_fw 10000:10000
    dynamic yes

    --> /etc/natd_tun1.conf

    interface tun1
    port 8669
    log_denied yes
    log_facility security
    use_sockets yes
    same_ports yes
    unregistered_only yes
    punch_fw 10000:10000
    dynamic yes

    I am really, really looking for help here. If you know how to make such a setup
    work, I would appreciate a hand.
    Thanks in advance.
    Regards,

    Antoine
