Re: Routing question

From: Ben Timby (asp_at_webexc.com)
Date: 06/11/04

    Date: Fri, 11 Jun 2004 11:16:00 -0500
    To: leon@trusc.net, freebsd-questions@freebsd.org
    
    

    Perhaps if you post more info, we can come up with creative solutions
    for you. My big question is why?

    AFAIK, you cannot have more than one default gateway, unless you are
    using netgraph to balance between network interfaces. However, you could
    NAT C & D to their respective "public" interfaces. If E is a real IP,
    then the NATed traffic should flow to that interface.

    I would suggest using pf, as it is a most excellent firewall package.
    Here is the section of a PF guide regarding NAT.

    http://www.openbsd.org/faq/pf/nat.html

    Your rules would look like this (these are from memory, so sanity check
    them):

    --
    #define your interfaces as macros:
    A = "fxp0"
    B = "fxp1"
    C = "fxp2"
    D = "fxp3"
    E = "fxp4"
    #define your NAT translations using our macros:
    nat on $A from ($C:network) to any -> $A
    nat on $B from ($D:network) to any -> $B
    #define your filtering rules:
    ...
    --
    However, you will find that route add will not allow multiple default 
    routes. You must use another package to allow for that, or at least it 
    is beyond my knowledge. Let me know if you figure it out, I would be 
    very interested.

    Leon Botes wrote:
    > I have a box with 5 nics.
    > Call them A,B,C,D,E.
    > A & B are different internet connections.
    > E is a connection to a mail server on a public /29
    > C & D are connections for 2 different client networks.
    > 
    > Is it possible to have all traffic coming in via C sent to a default gateway
    > on A's network and
    > all traffic coming in via D sent to a default gateway on B's network.
    > And secondly will both client networks be able to see the E/29?
    > 
    > If so how?
    > 
    > Thanks
    > Leon
    > 
    > _______________________________________________
    > freebsd-questions@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
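
The per-interface gateway selection asked about in this thread can be expressed in pf itself with `route-to`, which overrides the routing table for matching packets. The following pf.conf is an added example, not part of the original message: the interface macros follow the post, the gateway addresses `gw_A` and `gw_B` are constructed placeholders, and the default-deny policy is an assumption.

```pf
# Added example, not from the original thread.
# Interface macros as in the post.
A = "fxp0"   # internet connection 1
B = "fxp1"   # internet connection 2
C = "fxp2"   # client network 1
D = "fxp3"   # client network 2
E = "fxp4"   # mail server on the public /29

# Assumed next-hop routers on A's and B's networks (placeholder addresses).
gw_A = "192.0.2.1"
gw_B = "198.51.100.1"

# NAT each client network out of its own uplink. The parentheses make pf
# track the interface address if it changes.
nat on $A from $C:network to any -> ($A)
nat on $B from $D:network to any -> ($B)

# Default deny: anything not matched below is dropped, which also keeps the
# two client networks from reaching each other through this box.
block all

# Both client networks may reach the mail server /29 through the normal
# routing table. "quick" stops evaluation before the route-to rules.
pass in quick on $C from $C:network to $E:network keep state
pass in quick on $D from $D:network to $E:network keep state

# Everything else arriving on C is forced out A via gw_A, and everything
# arriving on D out B via gw_B, regardless of the system default route.
pass in on $C route-to ($A $gw_A) from $C:network to any keep state
pass in on $D route-to ($B $gw_B) from $D:network to any keep state

# Let the forwarded (and, on A and B, translated) packets leave.
pass out on { $A, $B, $E } all keep state
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.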