pf multiple networks, two gateways, route-to question

From: Adam Taube (nospam_at_thenewsgroups.com)
Date: 09/24/04

    Date: Fri, 24 Sep 2004 15:23:19 -0600
    
    

    Hello pf uber-users out there - I need your assistance.

    I've been using pf for a couple of years now (love it to tears!) but never
    in this sort of situation and I want to know if this can even be done.

    em0 is gateway to cable provider
    em1 is gateway to dsl provider
    em2 is network dmz for servers (nat'ed)
    em3 is network for wireless (authpf/nat'ed)
    em4 is network for internal machines (nat'ed)

    Now what I have is the whole shebang nat'ed through to the dsl interface --
    I have considered load balancing between the two, but have decided that the
    relative bandwidth variance (512Mbit/s on DSL + 3.2Mbit/s on Cable) would
    make everything half real fast and half not so fast. Ideally what I would
    like is to be able to do the following:

    1) rdr critical ports from both the cable and dsl interfaces to the servers
    in the dmz and _have it go back out on the same interface_ -> I'm running
    into trouble getting the packets to go back out the cable interface, my
    guess is because the dsl is my default gateway. Resolutions to this? I
    could do a reverse nat rule so that requests to the cable interface appear
    to the server as coming from the nat box itself, but I'd like to have a
    better solution if one exists... I tried to use a route-to rule to fix it
    up but it didn't seem to work right. Your advice is greatly appreciated.

    2) nat everything from em4 through to the cable, unless cable is offline
    then automatic failover to the dsl (no problem scripting that - but if there
    are any issues I should be aware of in setting this up do give me a heads
    up)

    Thanks a lot,
    Adam

    -- 
    "Mr. Spock, letting yourself get hit on the head is not
    something King Solomon would approve." -- Captain Kirk
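
The layout described in the post, sketched as a pf.conf fragment in OpenBSD 3.x-era syntax: `reply-to` on the inbound rules sends replies back out the interface the connection arrived on (item 1), and `route-to` prefers the cable link for em4 (item 2). This is an added example, not part of the original post; the gateway addresses, the server address and the port list are placeholder assumptions.

```pf
# Added example, not from the original post. All addresses and ports below
# are placeholders (assumptions); only the interface roles come from the post.
ext_cable  = "em0"
ext_dsl    = "em1"            # default route points at the DSL gateway
dmz_if     = "em2"
int_if     = "em4"
cable_gw   = "192.0.2.1"      # assumed next hop on the cable link
dsl_gw     = "198.51.100.1"   # assumed next hop on the DSL link
dmz_srv    = "10.0.2.10"      # assumed DMZ server
crit_ports = "{ 25, 80, 443 }"  # assumed "critical ports"

# --- translation ---
# Internal hosts are NATed on whichever external interface they leave by.
nat on $ext_cable from $int_if:network to any -> ($ext_cable)
nat on $ext_dsl   from { $dmz_if:network, $int_if:network } to any -> ($ext_dsl)

# Item 1: the same ports are redirected from both uplinks to the DMZ server.
rdr on $ext_cable proto tcp from any to ($ext_cable) port $crit_ports -> $dmz_srv
rdr on $ext_dsl   proto tcp from any to ($ext_dsl)   port $crit_ports -> $dmz_srv

# --- filtering ---
block in on { $ext_cable, $ext_dsl } all

# reply-to records the arrival interface and its gateway in the state entry,
# so replies bypass the default route and leave by the uplink they came in on.
# This relies on the default floating state policy (not if-bound).
pass in on $ext_cable reply-to ($ext_cable $cable_gw) proto tcp \
    from any to $dmz_srv port $crit_ports flags S/SA keep state
pass in on $ext_dsl reply-to ($ext_dsl $dsl_gw) proto tcp \
    from any to $dmz_srv port $crit_ports flags S/SA keep state
pass out on $dmz_if proto tcp from any to $dmz_srv port $crit_ports keep state

# Item 2: internal traffic bound for the Internet is forced out the cable
# link even though the default route is the DSL; DMZ-bound traffic is exempt.
pass in on $int_if route-to ($ext_cable $cable_gw) \
    from $int_if:network to ! $dmz_if:network keep state
pass out on $ext_cable from ($ext_cable) to any keep state
pass out on $ext_dsl   from ($ext_dsl)   to any keep state
```

For the failover case, a monitoring script can swap the `route-to` rule for a plain `pass in on $int_if` rule and reload the ruleset, at which point em4 traffic follows the DSL default route and hits the existing DSL nat rule.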
    
