ipfw / ppp NAT
Chris Knipe
savage at savage.za.org
Sun Feb 6 05:15:15 PST 2005
> given that tun0 is the interface that connects x.x to the world (y.y)
> then what you have now would be:
> "ipfw add divert natd all from any to any via tun0"
>
> from what I understand what you want you should probably add somethin
> like:
> "ipfw add divert natd all from any to any via rl0"
> rl0 being the interface connecting x.x to x.1
>
> on related news, why would u want to do something like that ?
>
> Hexren
Quite complex....
1) I have a routed network on 198.18/15 going via NAT to the net.
2) I have two gateways, running VRRP for high redundancy.
3) Gateway 1 routes "local traffic" via tun0, the rest (ala international)
is sent to gateway 2
4) Gateway 2 routes "the rest" via tun0, and "local traffic" to gateway 1
This all happens now via BGP, and so far this is working without a problem.
The problem now, is that I only receive one "real" IP per PPPoE session.
Multilink is out of the question (not supported), so is getting multiple IPs
per session. A further problem, is that the gateway address of these PPPoE
sessions, are 100% exactly the same.
Thus, what I need to achieve now (and hence what is my problem):
1) I need to establish MULTIPLE PPPoE sessions on Gateway 1 (even if the
gateway address of the PtP link are the same) - BIG problem.
I have semi fixed this by forcing my gateway address of the secondary pppoe
sesssions to be the rl0 interface (and this is working) (i.e. ifaddr
10.0.0.1/32 x.x.x.x 255.255.255.0 0.0.0.0)
2) I need to be able to forward the live ip address received from one of the
secondary PPPoE Sessions on Gateway1 to any host inside my routed network
(198.18/15).
3) The load balancing and routing between Gateway 1 and Gateway 2 should all
still work, and basically just exclude what ever is happening on the
secondary PPPoE Sessions.
I know I'm not giving allot of information, but this is ALLOT of work /
configurations. If it's not a problem, I will post what is required (config
wise), but yeah... We're talking close to 300 statically managed routes
between Gateway 1 & 2...
What my problem is now, is basically what would seem, like a nat / routing
issue.
PPP1 -> GW1 -> 198.18/15
PPP2 -> GW1 -> CLIENT1 INSIDE 198.18/15
Incoming, the connectivity is working. I establish a connection to PPP2,
GW1 forwards the data to CLIENT1, and a tcpdump shows that the data does
arrive. The problem is that the replies from CLIENT one, goes to GW1 and
GW1 transmit the data back to the Internet via PPP1, and not PPP2......
Thus, in a nutshell now, I need to "map" PPPx to CLIENTx without causing any
problems for the rest of the network....
--
Chris
More information about the freebsd-questions
mailing list