2 isp's, one LAN and need to divide traffic.

chris scott chris.scott at uk.tiscali.com
Fri Feb 6 05:02:40 PST 2004


It should be easy enough to do. You will probably need to have two instances of
natd running, one for each interface, e.g.

/sbin/natd -a x -p 8868
/sbin/natd -a y -p 8869

where x and y are the IPs of the interfaces you are using. You could
probably use the -n and -dynamic options if you are on a static
setup.

Note it will be important which interface your default route points to.
I'm assuming it's tun0, so I am configuring ipfw to deal with outgoing traffic
on that interface; something like this should do:

ipfw add 1 divert 8868 tcp from any to any 25 out via tun0
ipfw add 2 divert 8868 udp from any to any 53 out via tun0
ipfw add 3 divert 8869 all from any to any via tun0

These rules should redirect outgoing mail and DNS requests to a different
instance of natd than is used for all other traffic; this will be bound to
tun1.

There is also another potential way of doing it. If you have a list
of all the DNS and email servers your clients use, you could add some static
routes for those hosts/subnets to force all traffic for them to use a
specific interface. This would be kludgy though, as all traffic for those
hosts would be forced that way, not just email and DNS.


Chris
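To make the first-match behaviour of the three divert rules concrete, here is an added example (not part of the thread, and not FreeBSD's ipfw or natd code): a small Python simulator that parses the three rules exactly as posted and reports which natd instance (divert port) a given packet would be handed to. It models only the syntax those rules use (protocol, destination port, in/out, `via <iface>`); real ipfw has many more options and resumes processing after natd reinjects a packet. The sample packets at the bottom are constructed for illustration.

```python
"""Added example, not from the thread: a toy first-match simulator for the
three ipfw divert rules in the reply above. It models only the parts of
ipfw syntax those rules use (proto, destination port, in/out, 'via iface');
real ipfw has far more options and continues after natd reinjects a packet.
Sample packets at the bottom are constructed for illustration."""

from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                # "tcp", "udp", "icmp", ...
    dst_port: Optional[int]   # None for protocols without ports
    direction: str            # "in" or "out"
    iface: str                # interface the packet traverses


@dataclass(frozen=True)
class Rule:
    number: int
    divert_port: int          # natd instance this rule hands the packet to
    proto: str                # "tcp", "udp" or "all"
    dst_port: Optional[int]   # None means any destination port
    direction: Optional[str]  # None means plain 'via': either direction
    iface: str

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "all" and self.proto != pkt.proto:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        if self.direction is not None and self.direction != pkt.direction:
            return False
        return self.iface == pkt.iface


def parse_rule(line: str) -> Rule:
    """Parse 'ipfw add N divert PORT PROTO from SRC to DST [DPORT] [in|out] via IFACE'."""
    t = line.split()
    if t[:2] != ["ipfw", "add"] or t[3] != "divert":
        raise ValueError(f"not a divert rule: {line!r}")
    number, divert_port, proto = int(t[2]), int(t[4]), t[5]
    i = t.index("to") + 2            # token just past the destination address
    dst_port = None
    if i < len(t) and t[i].isdigit():
        dst_port = int(t[i])
        i += 1
    direction = None
    if i < len(t) and t[i] in ("in", "out"):
        direction = t[i]
        i += 1
    if i + 1 >= len(t) or t[i] != "via":
        raise ValueError(f"expected 'via <iface>' in {line!r}")
    return Rule(number, divert_port, proto, dst_port, direction, t[i + 1])


# The three rules as posted in the reply (whitespace normalised).
RULE_TEXT = [
    "ipfw add 1 divert 8868 tcp from any to any 25 out via tun0",
    "ipfw add 2 divert 8868 udp from any to any 53 out via tun0",
    "ipfw add 3 divert 8869 all from any to any via tun0",
]
RULES: List[Rule] = sorted((parse_rule(l) for l in RULE_TEXT), key=lambda r: r.number)


def first_match(pkt: Packet, rules: List[Rule] = RULES) -> Optional[int]:
    """Divert port of the first rule that matches, or None if no rule applies."""
    for r in rules:
        if r.matches(pkt):
            return r.divert_port
    return None


if __name__ == "__main__":
    samples = {  # constructed sample packets
        "outgoing SMTP on tun0": Packet("tcp", 25, "out", "tun0"),
        "outgoing DNS/UDP on tun0": Packet("udp", 53, "out", "tun0"),
        "outgoing DNS/TCP on tun0": Packet("tcp", 53, "out", "tun0"),
        "outgoing HTTP on tun0": Packet("tcp", 80, "out", "tun0"),
        "SMTP reply arriving on tun0": Packet("tcp", 40001, "in", "tun0"),
        "outgoing SMTP on tun1": Packet("tcp", 25, "out", "tun1"),
    }
    for label, pkt in samples.items():
        print(f"{label:30} -> divert {first_match(pkt)}")
```

Two things the simulation makes visible that the rules alone do not: rule 2 only covers UDP, so DNS queries carried over TCP fall through to rule 3 and reach the 8869 instance; and a reply arriving inbound on tun0 also falls through to rule 3, since rules 1 and 2 are restricted to `out` and to destination ports 25/53. A natd instance has to see both directions of the flows it translates, so when building a real ruleset the inbound side needs the same care as the outbound rules shown here.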


----- Original Message ----- 
From: "Edwin Culp" <eculp at viviendaatualcance.com.mx>
To: "Ryan Thompson" <ryan at sasknow.com>
Cc: <net at freebsd.org>
Sent: Thursday, February 05, 2004 5:56 PM
Subject: Re: 2 isp's, one LAN and need to divide traffic.


> Quoting Ryan Thompson <ryan at sasknow.com>:
>
> > Edwin Culp wrote to net at freebsd.org:
> >
> >> Is there a, hopefully simple, way to divide bidirectional traffic
> >> (LAN/INTERNET)between 2 internet connections more or less as the
> >> diagram below.  I've just added a DSL connection with a lot more
> >> bandwidth than my ds0. I want to use the ds0 exclusively for email and
> >> DNS that I consider, in my case, to be lower priority and the DSL for
> >> all other traffic?
> >
> > Sure. Unless I'm misunderstanding what you're asking for... just bind
> > your email and DNS server to one or two of the ds0 IPs. Don't listen for
> > those services on the Provider2 IP. Then bind your other services to the
> > Provider2 IP.
> >
> > If you're directing this all to an RFC1918 internal network (i.e., the
> > server(s) do not have public IPs), you're probably already using NAT,
> > and can make use of static NAT and the -redirect_port feature.
>
> Ryan
>
> That is exactly what I want to do.  I've seen that in the NAT docs but was
> unsure how and if it would work in my case.  I've never used NAT in anything
> but the default firewall configuration.  I'm going to do some reading and
> testing.
>
> Thanks so much,
>
> ed
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
>