multiple natd + ipfw, with 2 internal IPs

Unix-Solutions - Steven steven at unix-solutions.be
Sat Jan 28 04:02:38 PST 2006


Hi you guys,

I have a little problem with my natd or ipfw configuration.

Current situation:

ISP1 = Telenet (Belgium)
Speed: 20 Mbit/s down & 1 Mbit/s upload
We get our IP via DHCP

ISP2 = Versatel (Belgium)
Speed: 1 Mbit/s down & 1 Mbit/s upload
We have a range of static IPs

Versatel is our backup ISP because this line is very slow.
Currently we are running on Telenet, but we want to switch to Versatel when Telenet is down.

Config that works:

TELENET --> ROUTER
VERSATEL --> ROUTER
ROUTER --> INTERNAL NETWORK

RC.conf:

# 84.195.224.254 --> gateway of telenet
defaultrouter="84.195.224.254"
hostname="router.intranet.local"
ifconfig_fxp0="inet 192.168.2.254  netmask 255.255.255.0"

# VERSATEL
ifconfig_xl0="inet 62.166.141.36  netmask 255.255.255.248"

# TELENET
ifconfig_xl1="DHCP"

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"

natd_enable="YES"
natd_interface="xl1"
natd_flags="-f /etc/natd.conf"


IPFW.rules:

ipfw -f flush
ipfw add 00001 divert natd ip from any to any via xl1
ipfw add 00002 divert natd ip from any to 62.166.141.32/29 via xl0
ipfw add 00004 allow ip from any to any via lo0
ipfw add 00005 deny ip from any to 127.0.0.0/8
ipfw add 00006 deny ip from 127.0.0.0/8 to any
ipfw add 00007 allow ip from any to any


Now I want to add 192.168.2.253 as an alias on fxp0,
and when a PC on my internal network sets its gateway to 192.168.2.253,
I want this PC to take the Versatel route.
How is this possible?
I'm currently following this manual => http://www.opennet.ru/base/net/freebsd_2x_natd.txt.html
I translated it with Babelfish => http://pub.beenske.be/docs/dual-natd+ipfw.txt

Config files:

RC.conf:

# 84.195.224.254 --> gateway of telenet
defaultrouter="84.195.224.254"
hostname="router.intranet.local"
ifconfig_fxp0="inet 192.168.2.254  netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 192.168.2.253  netmask 255.255.255.255"

# VERSATEL
ifconfig_xl0="inet 62.166.141.36  netmask 255.255.255.248"

# TELENET
ifconfig_xl1="DHCP"


gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"

natd_enable="YES"
natd_interface="xl1"
natd_flags="-f /etc/natd.conf"

natd2_enable="YES"
natd2_interface="62.166.141.36"
natd_flags="-f /etc/natd2.conf"

ipfw.rules:

ipfw -f flush
ipfw add 00001 divert natd ip from any to any via xl1
ipfw add 00002 divert natd ip from any to 62.166.141.32/29 via xl0
ipfw add 00003 divert 8669 ip from 192.168.2.253 to any via xl0
ipfw add 00004 allow ip from any to any via lo0
ipfw add 00005 deny ip from any to 127.0.0.0/8
ipfw add 00006 deny ip from 127.0.0.0/8 to any
ipfw add 00007 allow ip from any to any


natd.conf & natd2.conf:

redirect_port tcp 192.168.2.30:3389 3389 (a Windows PC that I want to access over RDP)


Can you please help me?

Greetz,

Steven Bens
CEO Unix-Solutions.be