Routing With Two ISPs?

Aaron Burke aburke at nullplusone.com
Mon Nov 10 05:58:59 PST 2003


> Subject: Re: Routing With Two ISPs?
>
>
> > I have a 4.8 box serving as a gateway with two connections to the
> > Internet.  Is there some way to set the box up so that packets are
> > routed out through the same interface from which they arrived?  For
> > example, if a connection is initiated on port 80 from a packet arriving
> > on one interface, is there a way to make the outgoing packets from my
> > web server use that same interface as a gateway instead of the default
> > interface?
> >
> > Any suggestions appreciated.
> It's easy IMHO
It's not too difficult to set up and get running. I also have two ISPs
(Cable Modem and DSL). If I understand what you're asking, it's similar
to my situation.

Because I run natd on both interfaces, I had to do a little poking around
until I finally got everything working correctly. One of my IP addresses
is provided via DHCP, the other is static.

First off, in /etc/services copy the natd line and rename it natd2, changing
the port number to 8669 as well (e.g.):
natd            8668/divert # Network Address Translation
natd2           8669/divert # Network Address Translation

Second, I created scripts that run natd on both Ethernet cards
and set them as executable.
europa# more /usr/local/etc/rc.d/dc0-natd.sh
#!/bin/sh
# natd for the cable side (dc0) on divert port "natd" (8668 in /etc/services);
# -s keeps source ports, -u translates only unregistered (RFC 1918) sources
if [ $# -eq 0 -o x$1 = xstart ]; then
    /sbin/natd -p natd -s -u -f /etc/natd.conf -n dc0 && echo -n ' natd started on dc0'
    # natd writes /var/run/natd.pid; keep a per-interface copy so "stop" can find it
    cp /var/run/natd.pid /var/run/natd.dc0.pid
fi
if [ x$1 = xstop ]; then
  if [ -f /var/run/natd.dc0.pid ]; then
    kill `cat /var/run/natd.dc0.pid`
  fi
fi

europa# more /usr/local/etc/rc.d/ed0-natd.sh
#!/bin/sh
# natd for the DSL side (ed0) on divert port "natd2" (8669 in /etc/services)
if [ $# -eq 0 -o x$1 = xstart ]; then
    /sbin/natd -p natd2 -s -u -f /etc/natd.conf -n ed0 && echo -n ' natd started on ed0'
    # same per-interface copy of the pid file as for dc0
    cp /var/run/natd.pid /var/run/natd.ed0.pid
fi
if [ x$1 = xstop ]; then
  if [ -f /var/run/natd.ed0.pid ]; then
    kill `cat /var/run/natd.ed0.pid`
  fi
fi

Then I commented out the natd lines in /etc/rc.conf, because
I am running it from these other scripts instead. I would run it from
rc.conf, but I would have needed to hack up some other rc files to get
that working. A separate script required less code.

At this point both networks work, and they can both be used as the
default gateway. I also suggest adding mappings for the default gateway
of both ISPs to /etc/hosts. This will save most people a small
headache.

Next up, my DSL provider has given me a subnet mask of 255.255.255.224.
However, he owns the entire Class C address space. So to save myself
a bit of time, I added a static route to his Class C in /etc/rc.conf:
static_routes="dsl"
route_dsl=" -net x.y.172 x.y.172.104 255.255.255.0"

And finally, if you are running a firewall, you need to make sure that
you have divert rules in place for both natd interfaces.
In my case I use (dc0 = Cable, ed0 = DSL):
ipfw add 00100 divert 8668 ip from any to any via dc0
ipfw add 00101 divert 8669 ip from any to any via ed0

> Each external iface with it's own natd,
> each forwards 80 port incoming to two
> http servers with different IP or port.
Just remember, natd needs to run on separate ports. And you can tell
natd which port to use with the -p argument.

>
> outgoing traffic can be forwarded to appropriate
> natd via ipfw rules depending on src IP or port
Yes, several people also divert certain types of traffic
out specific interfaces using firewall rules. My situation
doesn't really require this, but several people can share their
examples.

Hope this is what you were asking for. And with any luck, I have
not forgotten to mention anything. If it isn't working for you,
feel free to get in touch with me via aburke at nullplusone.com.

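The steps in the post above, collected into one script as an added example (this is not Aaron's code and not from the original thread). It goes one step beyond the post by adding the ipfw fwd rule that the original question actually needs: replies from the web server published on the second ISP's address are caught on the LAN side and handed to that ISP's gateway before the routing decision, so they reach the right natd instead of leaving by the default route. Every interface name and address (dc0/ed0/xl0, 203.0.113.x, 192.168.1.x) is an assumption; it also assumes a natd(8) that accepts -P to name its pid file (the post's cp workaround is the alternative) and a kernel built with IPFIREWALL, IPDIVERT and IPFIREWALL_FORWARD.

```shell
#!/bin/sh
# Added example, not from the original post: a two-ISP FreeBSD gateway with
# one natd per external interface. All names and addresses are assumptions.
#
# Assumed layout:
#   dc0 = cable, dynamic address, carries the default route -> natd  on divert 8668
#   ed0 = DSL, static address, next hop 203.0.113.1         -> natd2 on divert 8669
#   xl0 = inside LAN 192.168.1.0/24
#   192.168.1.10:80 is the web server published on the cable address,
#   192.168.1.11:80 the one published on the DSL address.
CABLE_IF=dc0
DSL_IF=ed0
LAN_IF=xl0
DSL_ADDR=203.0.113.20
DSL_GW=203.0.113.1
WEB_CABLE=192.168.1.10
WEB_DSL=192.168.1.11

# Set IPFW=echo and NATD=echo to print the commands instead of running them;
# SERVICES overrides /etc/services (used by the preview mode and by tests).

# Step 1: natd -p takes a service name, so both names must resolve.
check_services() {
    svc="${SERVICES:-/etc/services}"
    grep -q '^natd[[:space:]]\{1,\}8668/divert' "$svc" &&
    grep -q '^natd2[[:space:]]\{1,\}8669/divert' "$svc"
}

# Step 2: one natd per external interface, each on its own divert port and
# with its own pid file (-P, assumed supported) so "stop" never kills the
# wrong one. -s keeps source ports, -u translates only RFC 1918 sources,
# -redirect_port publishes a different inside web server on each ISP address.
start_natd() {
    natd_bin="${NATD:-/sbin/natd}"
    "$natd_bin" -p natd -s -u -n "$CABLE_IF" -P "/var/run/natd.$CABLE_IF.pid" \
        -redirect_port tcp "$WEB_CABLE:80" 80
    "$natd_bin" -p natd2 -s -u -n "$DSL_IF" -P "/var/run/natd.$DSL_IF.pid" \
        -redirect_port tcp "$WEB_DSL:80" 80
}

stop_natd() {
    for i in "$CABLE_IF" "$DSL_IF"; do
        if [ -f "/var/run/natd.$i.pid" ]; then
            kill "$(cat "/var/run/natd.$i.pid")"
        fi
    done
}

# Step 3: firewall rules. 100/101 are the post's divert rules.
ruleset() {
    fw="${IPFW:-/sbin/ipfw}"
    # Replies from the DSL-side web server must leave by the DSL link or
    # natd2 never sees them: catch them on the LAN side, before routing,
    # and hand them to the DSL gateway (needs IPFIREWALL_FORWARD).
    "$fw" add 00050 fwd "$DSL_GW" tcp from "$WEB_DSL" 80 to any in via "$LAN_IF"
    # Each external interface gets its own natd.
    "$fw" add 00100 divert 8668 ip from any to any via "$CABLE_IF"
    "$fw" add 00101 divert 8669 ip from any to any via "$DSL_IF"
    # natd -u leaves a packet sourced from the DSL address untouched, so one
    # leaving the cable link means a reply took the default route. Log and
    # drop it instead of handing the cable ISP a spoofed-looking source;
    # "ipfw -a list" then shows the counter climbing when routing is wrong.
    "$fw" add 00200 deny log ip from "$DSL_ADDR" to any out xmit "$CABLE_IF"
}

case "${1:-}" in
    start)
        check_services || { echo "natd/natd2 missing from /etc/services" >&2; exit 1; }
        start_natd && ruleset ;;
    stop)
        stop_natd ;;
    preview)
        IPFW=echo; NATD=echo
        check_services && start_natd && ruleset ;;
esac
```

Run it as `sh twoisp.sh preview` first to see the exact natd and ipfw commands it would issue, then `start`. The fwd rule is keyed on the inside server's address and source port, which is why the quoted suggestion of one backend (or port) per ISP matters: it is the only thing that tells the gateway which link a reply belongs to.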