Re: Multiple Internet feeds to a single machine.
From: Ken Bolingbroke (freebsd_at_bolingbroke.com)
Date: 05/13/04
- Previous message: Eli K. Breen: "Multiple Internet feeds to a single machine."
- In reply to: Eli K. Breen: "Multiple Internet feeds to a single machine."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 12 May 2004 18:20:59 -0700 (PDT) To: "Eli K. Breen" <eli@gopostal.ca>
On Wed, 12 May 2004, Eli K. Breen wrote:
> Has anyone successfully used two different Internet connections to feed
> a single BSD machine, without BGP?
Yes, I've done this.
> Also, it is possible to have two copies of natd running on different
> ports in order to accomplish this (each with their own config file)?
> natd-a : 8668,
> natd-b: 8669 and have the following rules in ipfw:
Yes, this works, and this is almost just what I did myself.
I have a DSL line and a cable connection. I wanted to be able to easily
switch my default route from one to the other as needed (they go offline
occasionally), and I also wanted to be able to access my server from
outside via either connection.
I used 'ipfw' to sort things out correctly. The main key for me was to
apply a 'fwd' rule to make sure things went out the right line.
That is, the main problem was that if my default route pointed at DSL, if
a connection came in on cable, then the response would try to go out on
the default route through DSL. But the DSL provider would reject anything
not coming from my DSL IP. And I couldn't NAT it as coming from my DSL
IP, because then the original client wouldn't recognize my response.
So 'fwd' would set the next-hop to the correct gateway. That created a
new problem, though...a match on a 'fwd' rule aborts further processing of
the ruleset, and this broke my rules, including NAT. I could have perhaps
worked around that by replacing all my 'accept' rules with 'fwd' rules,
but that was just too ugly.
Instead, I hacked the ipfw.c source code to make any 'fwd' matches
continue with the rest of the rules. That way the next-hop would be set
as I wanted it, but I could still apply all my firewall and NAT rules.
This worked beautifully for quite a long time and I was able to easily
access either Internet connection from both inside and outside. Recently
though, the gateway machine burned out and I lost both hard disks on it,
including the copies of the source code modification and my rule sets. I
haven't yet recreated it, and I'm hoping to find a better solution that
doesn't require hacking ipfw.c.
But if you come up short on any other solution, modifying the 'fwd'
behavior can do the trick decently.
Ken Bolingbroke
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
- Previous message: Eli K. Breen: "Multiple Internet feeds to a single machine."
- In reply to: Eli K. Breen: "Multiple Internet feeds to a single machine."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
