SOLVED re: mult public conn/mult private conn routing
steve at freeslacker.net
Sun May 11 18:25:34 PDT 2003
This has now been solved. Here's how for anyone who might be put in such a situation in the future and need a hand like I did.
1. Add firewall and divert to kernel
... <snip>
options IPFIREWALL
options IPDIVERT
... <snip>
2. configure rc.conf
... <snip>
defaultrouter="<gateway IP for 1st public network>"
gateway_enable="YES"
ifconfig_fxp0="inet <public IP #1> netmask 255.255.255.192"
ifconfig_fxp1="inet <public IP #2> netmask 255.255.255.192"
ifconfig_em0="inet <private IP #1> netmask 255.255.255.0"
ifconfig_em1="inet <private IP #2> netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="/etc/ipfw.conf"
natd_enable="YES"
natd_program="/usr/local/sbin/natdhack"
... <snip>
3. configure /etc/ipfw.conf
... <snip>
add 00100 divert 8668 ip from <private IP #1>/24 to any
add 00100 divert 8669 ip from <private IP #2>/24 to any
add 00200 divert 8668 ip from any to <public IP #1>
add 00200 divert 8669 ip from any to <public IP #2>
add 00300 fwd <gateway IP for 2nd public network> ip from <public IP #2> to any
... <snip>
4. configure natd_program # /usr/local/sbin/natdhack
#!/bin/sh -
#
# Initialization script for multiple natd's
/sbin/natd -m -s -p 8668 -alias_address <public IP #1>;
/sbin/natd -m -s -p 8669 -alias_address <public IP #2>;
Many thanks to David for repeatedly helping me. Without that help I am sure I would still not have this solved.
Steve Stremciuc
------------------ original question post
Hello,
I am having a problem with setting up a box I just built for the
dedicated purpose of being a freebsd router. Below is a diagram describing my
physical setup:
           ISP conn #1                   ISP conn #2
                |                             |
          68.x.x.x/26                    24.x.x.x/26
           fxp0 |                             | fxp1
          ------+----------- router ----------+------
           em0  |                             | em1
                |                             |
        192.168.0.1/24                192.168.100.1/24
fxp0 is 3.2Mb/s down 256Kbps up and will be used by all normal hosts
on em0
fxp1 is 3.2Mb/s down 450Kbps up and will be used by servers on em1
What I want to achieve is having all outbound traffic from em0
(192.168.0.1/24) use fxp0, and all outbound traffic from em1 (192.168.100.1/24)
use fxp1. em0 and em1 should be able to talk to each other. The problem
is that since defaultrouter="68.x.x.x" is specified in /etc/rc.conf all
traffic gets routed out through fxp0. Also, since natd_interface="fxp0"
is specified, all packets are nat'ed from either em0 or em1 through
fxp0.
Is it possible to have natd on both fxp0 *and* fxp1 (I tried putting
both natd_interface="fxp0" and natd_interface="fxp1" in /etc/rc.conf but
this did not work)? Once a packet gets routed to fxp1, it just times
out since the default route is attached to only fxp0.
I've read up on routed and ipfw, but do not see a way to tell fxp0 to
use defaultrouter A, and tell fxp1 to use defaultrouter B. Do I have to
run a routing daemon for this? (examples/suggestions would be
appreciated)
Any ideas?
Steve Stremciuc
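To make clear what the ipfw rules in step 3 and the two natd instances in step 4 actually do to a packet, here is an added example (not from the post or from FreeBSD itself) that models the rule walk in Python. The public addresses, gateways and private networks are constructed placeholders; the divert ports 8668/8669 and rule roles are the ones from the post.

```python
# Added illustration of the divert/fwd path from the post; not real ipfw code.
# All addresses are constructed placeholders (TEST-NET ranges), not the poster's.
from ipaddress import ip_address, ip_network

PUB1, PUB2 = "203.0.113.10", "198.51.100.10"   # <public IP #1> / <public IP #2>
GW1, GW2 = "203.0.113.1", "198.51.100.1"       # gateway of 1st / 2nd public network
PRIV1 = ip_network("192.168.0.0/24")           # em0 side, <private IP #1>/24
PRIV2 = ip_network("192.168.100.0/24")         # em1 side, <private IP #2>/24

# One natd per divert port; each rewrites the source to its -alias_address.
NATD = {8668: PUB1, 8669: PUB2}


def route_outbound(src, fwd_rule=True):
    """Walk the posted rules for a packet leaving a private host.

    Returns (divert_port, source_after_nat, next_hop_gateway).
    fwd_rule=False shows the situation from the original question, where
    rule 00300 did not exist and everything followed defaultrouter.
    """
    src_ip = ip_address(src)
    # rule 00100: pick the natd instance by source private network
    if src_ip in PRIV1:
        port = 8668
    elif src_ip in PRIV2:
        port = 8669
    else:
        return (None, src, GW1)          # not NATed, plain default route
    egress_src = NATD[port]              # natd -alias_address rewrite
    # rule 00300: packets now sourced from <public IP #2> are fwd'ed to the
    # 2nd gateway; all other traffic falls through to defaultrouter (GW1)
    if fwd_rule and egress_src == PUB2:
        return (port, egress_src, GW2)
    return (port, egress_src, GW1)


def route_inbound(dst):
    """Rule 00200: a reply to a public IP is diverted to the natd owning it."""
    for port, alias in NATD.items():
        if alias == dst:
            return port
    return None                          # no natd owns this address
```

Without rule 00300 the model returns GW1 for both private networks, which is exactly why replies to the second ISP's address never came back in the original setup.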