2 isp's, one LAN and need to divide traffic.

Edwin Culp eculp at viviendaatualcance.com.mx
Fri Feb 6 08:33:29 PST 2004


Quoting chris scott <chris.scott at uk.tiscali.com>:

> should be easy enough to do. You will probably need to have two instances of
> natd running, one for each interface. e.g.
>
> /sbin/natd -a x -p 8868
> /sbin/natd -a y -p 8869

That is another option that I should try, and probably why the divert and
forward rules that I tried without two processes didn't work.  A question on
rule 3 below: shouldn't tun0 be interface y from above?

Thanks so much for your help.  One thing for sure, I've read more about natd and
natd.conf than I ever expected and thanks to you folks, I'm starting to see the
light at the end of the tunnel.

Have a great weekend.

ed

>
> where x and y are the ips of the interfaces you are using, you could
> probably use the -n option and -dynamic options if you are on a static
> setup.
>
> Note it will be important which interface your default route will point to.
> I'm assuming it's tun0, so I am configuring ipfw to deal with outgoing traffic
> on that interface, something like this should do
>
> ipfw add 1 divert 8868 tcp from any to any 25  out via tun0
> ipfw add 2 divert 8868 udp from any to any 53 out via tun0
> ipfw add 3 divert  8869 all from any to any via tun0
>
> These rules should redirect outgoing mail and DNS requests to a different
> instance of natd than is used for all other traffic.
> This will be bound to tun1.
>
> There is also another potential way of doing it as well. If you have a list
> of all the DNS and email servers your clients use, you could add some static
> routes for those hosts/subnets to force all traffic for them to use a
> specific interface. This would be kludgy though, as all traffic for those
> hosts would be forced that way, not just email and DNS.
>
>
> Chris
>
>
> ----- Original Message -----
> From: "Edwin Culp" <eculp at viviendaatualcance.com.mx>
> To: "Ryan Thompson" <ryan at sasknow.com>
> Cc: <net at freebsd.org>
> Sent: Thursday, February 05, 2004 5:56 PM
> Subject: Re: 2 isp's, one LAN and need to divide traffic.
>
>
>> Quoting Ryan Thompson <ryan at sasknow.com>:
>>
>> > Edwin Culp wrote to net at freebsd.org:
>> >
>> >> Is there a, hopefully simple, way to divide bidirectional traffic
>> >> (LAN/INTERNET) between 2 internet connections more or less as the
>> >> diagram below.  I've just added a DSL connection with a lot more
>> >> bandwidth than my ds0. I want to use the ds0 exclusively for email and
>> >> DNS that I consider, in my case, to be lower priority and the DSL for
>> >> all other traffic?
>> >
>> > Sure. Unless I'm misunderstanding what you're asking for... just bind
>> > your email and DNS server to one or two of the ds0 IPs. Don't listen for
>> > those services on the Provider2 IP. Then bind your other services to the
>> > Provider2 IP.
>> >
>> > If you're directing this all to an RFC1918 internal network (i.e., the
>> > server(s) do not have public IPs), you're probably already using NAT,
>> > and can make use of static NAT and the -redirect_port feature.
>>
>> Ryan
>>
>> That is exactly what I want to do.  I've seen that in the NAT docs but was
>> unsure how and if it would work in my case.  I've never used NAT in anything
>> but the default firewall configuration.  I'm going to do some reading and
>> testing.
>>
>> Thanks so much,
>>
>> ed
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
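
Added example, not part of the original messages: a simplified Python model of how ipfw evaluates the three divert rules quoted above, showing which natd port each kind of packet is handed to. The Packet and Rule types, the function names and the sample packets are constructed for illustration, and the model assumes natd reinjects each packet so that rule processing resumes at the next rule number, as divert(4) describes.

```python
# Added illustration (not from the thread): a simplified model of how ipfw
# walks the three divert rules quoted above. Sample packets are constructed.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str      # "tcp", "udp", "icmp", ...
    dport: int      # destination port, 0 if the protocol has none
    direction: str  # "in" or "out"
    iface: str      # interface the packet crosses

class Rule(NamedTuple):
    number: int
    divert_port: int
    proto: str                # "all" matches any protocol
    dport: Optional[int]      # None matches any destination port
    direction: Optional[str]  # None matches both directions
    iface: str

# Rules 1-3 from the thread, transcribed field by field.
RULES = [
    Rule(1, 8868, "tcp", 25, "out", "tun0"),
    Rule(2, 8868, "udp", 53, "out", "tun0"),
    Rule(3, 8869, "all", None, None, "tun0"),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("all", pkt.proto)
            and rule.dport in (None, pkt.dport)
            and rule.direction in (None, pkt.direction)
            and rule.iface == pkt.iface)

def divert_path(pkt: Packet, rules=RULES) -> list:
    """natd ports the packet is handed to, in rule order.

    Assumption: after each divert, natd writes the packet back and ipfw
    resumes at the next rule number, so later matching rules still apply.
    natd's address rewriting is not modelled; it does not change any field
    these rules test for outgoing packets.
    """
    return [r.divert_port for r in sorted(rules, key=lambda r: r.number)
            if matches(r, pkt)]

if __name__ == "__main__":
    samples = {
        "smtp out": Packet("tcp", 25, "out", "tun0"),
        "dns/udp out": Packet("udp", 53, "out", "tun0"),
        "dns/tcp out": Packet("tcp", 53, "out", "tun0"),
        "reply in": Packet("tcp", 40000, "in", "tun0"),
    }
    for name, pkt in samples.items():
        print(f"{name:12} -> {divert_path(pkt)}")
```

In this model an outgoing SMTP or UDP DNS packet is handed to port 8868 and then to 8869, because rule 3 still matches it after reinjection. DNS over TCP and every inbound packet on tun0 reach only 8869.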
