Problem routing via two NICs to same subnet

Edvard Fagerholm efagerho at cc.hut.fi
Thu Nov 18 08:52:55 PST 2004


Hello!

I'm building an interesting configuration and came up with some problems. My
roommate and I both have our own 10mb internet connection through the same ISP. The
connection works over ethernet and IPs are assigned with DHCP and everyone in
the building receives IPs from the same subnet.

I'm building a firewall with NAT that would translate his internal IPs to the
IP assigned to the NIC connected to his connection and my internal IPs to my
NIC's IP.


Basically we have:

	192.168.0.xxx-yyy	192.168.0.aaa-bbb

			192.168.0.1
			    FW
	NIC1 80.221.x.a		   NIC2 80.221.x.b

			80.221.x.1
			    GW

To do the NAT, I simply use:

nat on $my_nic from $my_ips to any -> ($my_nic)
nat on $his_nic from $his_ips to any -> ($his_nic)

and to force outgoing packets to the right interfaces I use:

pass in quick on $int_if route-to ($my_nic 80.221.x.1) from $my_ips to ! \
192.168.0.1
pass in quick on $int_if route-to ($his_nic 80.221.x.1) from $his_ips to ! \
192.168.0.1

Now the problems. To get IPs I have to use DHCP. I use the WIDE implementation,
because that can handle multiple interfaces as opposed to FreeBSD's. Of course
after getting an address for the first interface, the second interface can't set
its address, because it gets an SIOCAIFADDR. I fixed this by modifying the
DHCP client, so that it'll delete the conflicting route before it is run for the
second interface. This way both interfaces can get an IP from the same subnet.

If I understand route-to correctly, then no routing whatsoever is done on the
packet and the only thing that needs to be done before sending the packet is to
look up the MAC address of the destination? Now 80.221.x.1 only gets assigned
to one of the interfaces and I can only route data through that interface. The
packets put in the outbound queue of the other interface never leave the
firewall. Any suggestions? Any way to assign the IPs manually, so that this
would work?

Regards,
Edvard Fagerholm
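For reference, the following shows how the nat and route-to fragments quoted in the mail fit into a complete pf.conf of the same (pre-4.7) syntax. This is an added example, not the configuration from the original post; the interface names, the 192.168.0.0/25 and 192.168.0.128/25 split of the LAN and the `$gw` macro are assumed placeholders, and 80.221.x.1 is kept as the mail writes it.

```pf
# Added example: a complete pf.conf around the rules quoted in the mail.
# Interface names, address ranges and the gateway value are placeholders.
int_if  = "fxp0"
my_nic  = "em0"
his_nic = "em1"
gw      = "80.221.x.1"        # placeholder gateway, as written in the mail
my_ips  = "192.168.0.0/25"    # assumed: my half of the LAN
his_ips = "192.168.0.128/25"  # assumed: his half of the LAN

set skip on lo0
scrub in all

# Translate each half of the LAN to the address of its own uplink.
nat on $my_nic  from $my_ips  to any -> ($my_nic)
nat on $his_nic from $his_ips to any -> ($his_nic)

block all

# Hand each half's outbound traffic to its own uplink, bypassing the
# routing table; traffic addressed to the firewall itself stays local.
pass in quick on $int_if route-to ($my_nic $gw)  from $my_ips  to ! 192.168.0.1 keep state
pass in quick on $int_if route-to ($his_nic $gw) from $his_ips to ! 192.168.0.1 keep state

# Let the translated packets leave each uplink and keep state for the replies.
pass out on $my_nic  from ($my_nic)  to any keep state
pass out on $his_nic from ($his_nic) to any keep state
```

The `keep state` on the route-to rules matters: the state entry, not the routing table, is what returns the replies to the correct internal host after translation. The filter configuration alone does not change what the mail describes at layer 2, namely that the gateway's address resolves on only one of the two uplink interfaces.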

