ipfw FWD, NAT and routing
Gorm J. Siiger
gjs at sonnit.dk
Tue Nov 11 01:36:13 PST 2003
Hi
I'm experimenting with a dual ISP setup using NAT, as each ISP has provided
me with a subnet of official IP addresses.
Network setup:
--------          --------
| ISP1 |          | ISP2 |
--------          --------
    |                 |
    |    --------     |
    -----|  FW  |------
         --------
            |
            |
         --------
         |Server|
         --------

ISP1 LAN   : 20.0.0.0/29
ISP2 LAN   : 21.0.0.0/29
Server LAN : 10.0.0.0/24

Server IP on ISP1: 20.0.0.2
Server IP on LAN:  10.0.0.2

Server IP on ISP2: 21.0.0.2
Server IP on LAN:  10.0.0.3

The default gateway for the FW box is ISP1.

I can connect to the whole world via ISP1 from the server with source IP
10.0.0.2, but when I try to connect to a host via ISP2 from source 10.0.0.3
the TCP connection is very slow, and there are a lot of retransmissions.

If I change the FW's default gateway to ISP2 it works like a charm.

Any suggestions on how to fix this problem?

/usr/local/etc/natd.conf:

    use_sockets
    unregistered_only yes
    alias_address 20.0.0.6
    redirect_address 10.0.0.2 20.0.0.2
    redirect_address 10.0.0.3 21.0.0.2

/etc/rc.firewall:

    ${fwcmd} add 400 divert natd all from any to any via ${isp0if}
    ${fwcmd} add 405 divert natd all from any to any via ${isp1if}
    ${fwcmd} add 505 fwd 21.0.0.0 ip from 21.0.0.0/29 to any
--
Gorm J. Siiger - SonnIT