multihomed fbsd7 router with nat

Andrew D andrewd at webzone.net.au
Mon Oct 6 13:34:42 UTC 2008


G'Day all,

Got a network that has 2 DSL connections.
The 1st has cheap data and the 2nd is a more reliable provider.
Basically all traffic goes out via the first provider, except for a few
source IPs which use the second provider (just an ipfw fwd rule).
If the cheap one goes offline, traffic has to be routed out via the 2nd ISP;
likewise, if the 2nd one goes down, the fwd rule needs to be
dropped.

I have already solved this with the attached script (posted for
suggestions, and maybe to help others who face the same problem in the
future).

Anyway, I plan to put the 2 modems into bridge mode and use the ppp(8) that
ships with FreeBSD to handle the authentication side of things.

My question is: what should I use for NAT — the NAT built into ppp(8)
(the -nat option, as in the script) or firewall-based NAT?

TIA

Cheers
cya
Andrew
#!/usr/local/bin/bash


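# ipfw rule number used for the policy-routing fwd rule; it is added and
# deleted by number, so nothing else may use this slot.
readonly FWRUL=10000

# put main connection first
# the names must match the config names in /etc/ppp/ppp.conf
# Must also have a /etc/namedb/named.conf.ISP_NAME for each
# ISP so that named's forward lookups point to the right name server

readonly PISP='isp1'   # primary (cheap data): default route while healthy
readonly BISP='isp2'   # backup (reliable): FWBLOCK is policy-routed out of it

# Source addresses forced out of the backup link by the fwd rule.
# NOTE(review): 192.168.1.209/28 is not on a /28 boundary (that block starts
# at .208); ipfw presumably masks the host bits, so confirm .208-.223 is the
# intended range before relying on it.
readonly FWBLOCK='192.168.1.209/28'
readonly LAN='192.168.1.0/24'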

#  Functions


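getgwip() {
  # Print "<local ip> <peer/gateway ip>" of the tun interface opened by one
  # ppp(8) process, or nothing (status 1) when no tun matches.
  #   $1 - PID of the ppp process (as ch_route passes it), or a ppp.conf
  #        label such as $PISP/$BISP (as the main body passes it); a label
  #        is first resolved to a PID through the process table.
  # The original compared against an unset "$pid" (the variable set was
  # "$PID"), so the grep matched every tun and the last one always won,
  # whatever the argument was.
  local who=$1 pid i opened gw=''
  case $who in
    ''|*[!0-9]*)
      # Anchored on the trailing label so isp1 does not also match isp10.
      pid=$(pgrep -f "ppp.*[[:space:]]${who}\$" 2>/dev/null | head -n 1)
      ;;
    *) pid=$who ;;
  esac
  [[ -n "$pid" ]] || return 1
  for i in {0..9}; do
    # FreeBSD ifconfig reports the owner as "Opened by PID nnn";
    # -w keeps "PID 12" from matching "PID 123".
    opened=$(ifconfig "tun$i" 2>/dev/null | grep -w "PID $pid")
    [[ -n "$opened" ]] || continue
    # "inet LOCAL --> PEER netmask ..." -> "LOCAL PEER"; -w skips inet6 lines.
    gw=$(ifconfig "tun$i" | grep -w inet | tail -n 1 | awk '{print $2 " " $4}')
    break
  done
  [[ -n "$gw" ]] || return 1
  printf '%s\n' "$gw"
}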

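ch_route() {
  # Point the default route at the tun gateway of one ppp process, swap in
  # that ISP's resolver config and reload named. Always exits: every caller
  # treats a routing decision as the end of this run.
  #   $1 - ppp pid (or label) of the link to use, as getgwip understands it
  #   $2 - label of that ISP (names the named.conf.<label> to install)
  #   $3 - current default gateway, for the log line and the no-op check
  local pid=$1 isp=$2 curgw=$3 gw
  gw=$(getgwip "$pid" | awk '{print $2}')
  if [[ "$gw" == "$curgw" ]]; then
    exit
  fi
  if [[ -z "$gw" ]]; then
    # No tun for that pid (link still coming up?). The original went on to
    # delete the default route and "route add default" with an empty
    # argument, leaving the router with no default route at all.
    printf 'No gateway found for ppp %s (%s); default route left unchanged\n' "$pid" "$isp" >&2
    exit 1
  fi
  # echo does not expand "\n" without -e, so the old two-line message
  # printed as one line with a literal backslash-n.
  printf 'Changing routing for all data to: %s\nOld default gateway: %s\n' "$isp" "$curgw"
  /sbin/route delete default
  /sbin/route add default "$gw"
  printf 'New default gateway: %s\n' "$gw"
  # Per-ISP resolver config (see the header comment). The original read the
  # global $ROUTO here, which is empty on every call except the restart
  # path, and copied from /etc/named/ while the header says /etc/namedb/.
  cp "/etc/namedb/named.conf.$isp" /etc/namedb/named.conf
  /etc/rc.d/named reload
  exit
}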

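ch_firewall() {
  # Install or remove the policy-routing rule $FWRUL.
  #   $1 - $PISP installs the rule (once); anything else ("clear") deletes it
  #   $2 - gateway to fwd to; required when installing
  # The rule forwards everything from $FWBLOCK that is not LAN-local to $2.
  local who=$1 gw=$2 existing
  if [[ "$who" != "$PISP" ]]; then
    /sbin/ipfw -q delete "$FWRUL" >/dev/null 2>&1
    return
  fi
  if [[ -z "$gw" ]]; then
    # "fwd" needs an address; the original let ipfw reject the rule silently.
    printf 'ch_firewall: no gateway given, fwd rule %s not added\n' "$FWRUL" >&2
    return 1
  fi
  existing=$(/sbin/ipfw show "$FWRUL" 2>/dev/null || echo FAIL)
  if [[ "$existing" == "FAIL" ]]; then
    /sbin/ipfw -q add "$FWRUL" fwd "$gw" ip from "$FWBLOCK" to not "$LAN"
  fi
}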

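# ---------------------------------------------------------------------------
# Main body: make sure a ppp(8) process exists for both labels, then choose
# the default route and the policy-routing rule from which links are really
# up. Runs as root (route/ipfw/named), is meant to be run repeatedly (cron),
# and exits as soon as it has made one routing decision.
# As posted, "if [ ... ] then" (no ";") and an "if" with no "then" made the
# script fail to parse at all; both are fixed below.
# ---------------------------------------------------------------------------

# logg() is called throughout but was never defined in the posted script, so
# every call failed with "command not found". Echo for the caller (cron mail)
# and mirror to syslog; logger(1) is presumably what was intended.
logg() {
  printf '%s\n' "$*"
  logger -t ispcheck "$*" 2>/dev/null || true
}

# Move all traffic to one link, logging which ISP was found down.
# ch_route exits once it has decided, and this exits afterwards too, so
# nothing below runs after a fail-over. Reads the global $CGW.
#   $1 - label of the ISP that is down (log line only)
#   $2 - ppp pid of the link to use   $3 - its label   $4 - its gateway
failover() {
  local down=$1 pid=$2 label=$3 gw=$4
  if [[ "$CGW" != "$gw" ]]; then
    logg "$down currently down"
    ch_firewall clear          # no policy routing while only one link works
    ch_route "$pid" "$label" "$CGW"
  fi
  exit
}

# Probe one link: ping its PPP peer from the link's own address.
# -o returns on the first reply; -t 6 bounds the whole probe to 6 seconds.
# NOTE(review): this only proves the PPP hop answers, not that the ISP can
# carry traffic beyond it; a target further upstream would catch more.
ping_ok() {
  ping -n -s 1 -o -c 5 -S "$1" -W 5000 -t 6 "$2" >/dev/null 2>&1
}

# ppp(8) with its built-in NAT (-nat) on each link. An array, so the label
# is passed as a single argument instead of relying on word splitting.
PPPCOM=(/usr/sbin/ppp -quiet -ddial -nat)

# ppp pid per label, matched on the command line ("... -nat isp1"): anchored
# so isp1 does not match isp10, first match only so each value is one word.
PID1=$(pgrep -f "ppp.*[[:space:]]${PISP}\$" | head -n 1)
PID2=$(pgrep -f "ppp.*[[:space:]]${BISP}\$" | head -n 1)

# ROUTO/RPID: label and pid of the link that stays up while the other one is
# (re)started; both empty when both ppp processes were already running.
ROUTO=''
RPID=''
RESTARTED=''
if [[ -z "$PID1" ]]; then
  "${PPPCOM[@]}" "$PISP" >/dev/null 2>&1 &
  RESTARTED="${RESTARTED:+$RESTARTED }$PISP"
  ROUTO=$BISP
  RPID=$PID2
fi

if [[ -z "$PID2" ]]; then
  "${PPPCOM[@]}" "$BISP" >/dev/null 2>&1 &
  RESTARTED="${RESTARTED:+$RESTARTED }$BISP"
  ROUTO=$PISP
  RPID=$PID1
fi

# Current IPv4 default gateway. -f inet keeps an IPv6 "default" entry from
# turning this into two lines, which would make every comparison below fail.
CGW=$(netstat -rn -f inet | awk '$1 == "default" { print $2; exit }')

if [[ -n "$ROUTO" ]]; then
  # The old message said "restarting $ROUTO", but $ROUTO is the link that
  # survived; name the one(s) actually restarted.
  logg "restarted ppp for: $RESTARTED; routing via $ROUTO"
  ch_firewall clear
  ch_route "$RPID" "$ROUTO" "$CGW"   # always exits
fi

# Local and peer address of each link; both empty while its tun is down.
read -r PIP PGW <<<"$(getgwip "$PID1")"
read -r BIP BGW <<<"$(getgwip "$PID2")"

if [[ -z "$PIP" && -z "$BIP" ]]; then
  logg "BOTH $PISP and $BISP are DOWN!!"
  exit
fi

[[ -n "$PIP" ]] || failover "$PISP" "$PID2" "$BISP" "$BGW"
[[ -n "$BIP" ]] || failover "$BISP" "$PID1" "$PISP" "$PGW"

# Both tuns are up: probe each peer. The primary is checked first because
# it decides the default route; the backup probe is skipped when the primary
# is dead (the original pinged both up front but acted in this same order).
ping_ok "$PIP" "$PGW" || failover "$PISP" "$PID2" "$BISP" "$BGW"
ping_ok "$BIP" "$BGW" || failover "$BISP" "$PID1" "$PISP" "$PGW"

# Both links healthy: make sure FWBLOCK is policy-routed out of the backup
# link. The original test was inverted (it logged "Added" when the rule was
# already there) and passed no gateway, so the fwd rule could never be added.
if ! /sbin/ipfw show "$FWRUL" >/dev/null 2>&1; then
  logg "Added policy routing for $FWBLOCK"
  ch_firewall "$PISP" "$BGW"
fi

# ...and that the default route is back on the primary.
if [[ "$CGW" != "$PGW" ]]; then
  logg "Changed routing back to $PISP"
  ch_route "$PID1" "$PISP" "$CGW"
fi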





