ISP redundancy and with IPFW

Simon Chang agentflicker at
Mon May 24 06:31:52 PDT 2004

Hello all,

IPFW newbie question.

I am lucky enough to have 2 ADSL connections with 6 static addresses on each 
router. I have a web server that needs to be always available from the 
internet for our road warriors. What I would like to do is give this web 
server a private address say and put it behind a FreeBSD/IPFW 
firewall. I would then like to NAT this private address to a public address 
from each ISP's range.
Say for ISP1 (The ISP router address is
and for ISP2 (The ISP router address is

This would mean that our roadwarriors could type into their browsers either or and arrive at the web server.

The problem I'm not sure about is how to configure the return routing of the 
packets (I don't think I can use a default router on the firewall).

Say for example ISP1 was down - does not work, so the user types the packet arrives at the firewall is natted to and sent 
to the web server. The return packet is returned to the firewall where the 
source is "unnatted" to (destination could be anything), how do I 
specify a rule that says for this source address (in ISP2's network) send 
the packet to ISP2's router (

Obviously I cannot route by destination address as this could be anything 
(for the return packets).

Is this possible with IPFW and NAT together?
Has anyone a similar rule set that they could send me?

Cheers, Simon Chang.
