FreeBSD multi-homed w/ipnat

2005-02-18 Thread Peter Kieser
Hello,
I am unable to get ipnat working in a multi-homed FreeBSD system. Is 
there some special method that works? Because I've yet to find it. What 
I am attempting to do is:

I have 2 Internet Connections (one is DSL and the other is cable), they 
are dc0 and dc1 respectively. I also have an interface facing my local LAN.

I have two segments on my LAN, one is 192.168.1.0/24, and the other is 
192.168.2.0/24 - What I am attempting to do is have the DSL line (dc0) 
to be used for one segment, and the cable (dc1) for the other segment. I 
am *not* attempting to load balance.

My current ifconfig produces the following:
dc0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   options=8<VLAN_MTU>
   inet6 fe80::250:bfff:fead:886%dc0 prefixlen 64 scopeid 0x1
   inet 64.180.103.x netmask 0xfc00 broadcast 64.180.103.255
   ether 00:50:bf:ad:08:86
   media: Ethernet autoselect (10baseT/UTP)
   status: active
dc1: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   options=8<VLAN_MTU>
   inet6 fe80::250:bfff:fead:884%dc1 prefixlen 64 scopeid 0x2
   inet 70.68.27.x netmask 0xfc00 broadcast 255.255.255.255
   ether 00:50:bf:ad:08:84
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
   inet6 fe80::211:d8ff:fe3d:564a%vr0 prefixlen 64 scopeid 0x3
   ether 00:11:d8:3d:56:4a
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4

The gateway for dc1 is 70.68.24.1, the gateway for dc0 is 
64.180.100.254, I have managed to get both IP addresses working on the 
machine by adding the following ipf rule:

pass out quick on dc0 to dc1:70.68.24.1 from 70.68.27.x to any
pass out quick on dc1 to dc0:64.180.100.254 from 64.180.103.x to any

This makes sure that the packet is forwarded to the correct interface 
based on the source IP address, however when I enabled these rules my 
NAT *fails* to forward packets to the internet, my ipnat configuration is 
as follows:

map dc0 192.168.1.0/24 -> 0/32
map dc1 192.168.2.0/24 -> 0/32

Am I missing something here?
--Peter
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: FreeBSD multi-homed w/ipnat

2005-02-18 Thread Dick Hoogendijk
On 18 Feb Peter Kieser wrote:
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>    inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
>    inet6 fe80::211:d8ff:fe3d:564a%vr0 prefixlen 64 scopeid 0x3
>    ether 00:11:d8:3d:56:4a
>    media: Ethernet autoselect (100baseTX full-duplex)
>    status: active
> map dc0 192.168.1.0/24 -> 0/32
> map dc1 192.168.2.0/24 -> 0/32

I only see 192.168.1.1 defined. Is this a typo or is there info
missing?

-- 
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja


Re: FreeBSD multi-homed w/ipnat

2005-02-18 Thread Peter Kieser
Dick Hoogendijk wrote:
> On 18 Feb Peter Kieser wrote:
>> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>    inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
>>    inet6 fe80::211:d8ff:fe3d:564a%vr0 prefixlen 64 scopeid 0x3
>>    ether 00:11:d8:3d:56:4a
>>    media: Ethernet autoselect (100baseTX full-duplex)
>>    status: active
>> map dc0 192.168.1.0/24 -> 0/32
>> map dc1 192.168.2.0/24 -> 0/32
>
> I only see 192.168.1.1 defined. Is this a typo or is there info
> missing?

The map with the CIDR prefix only specifies what IP addresses the NAT 
will masquerade for, still doesn't explain why 192.168.1.0/24 masquerade 
fails to work. You can specify the subnet mask for 192.168.1.1 as 
255.255.254.0 to cover both those blocks, which is a 192.168.0.0/23.

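
Added example, not part of the original thread: a Python check of the addressing question raised in the replies, namely which source blocks in the ipnat map rules have a LAN interface address on vr0, and what a 255.255.254.0 mask on 192.168.1.1 would contain. The function names and the embedded sample input are constructed here from the addresses quoted in the thread; the 255.255.255.0 mask on vr0 is an assumption taken from its 192.168.1.255 broadcast address.

```python
import ipaddress

# Constructed sample input, built from the addresses quoted in the thread.
IPNAT_RULES = """\
map dc0 192.168.1.0/24 -> 0/32
map dc1 192.168.2.0/24 -> 0/32
"""
# Assumption: vr0 uses a /24 mask, as its 192.168.1.255 broadcast implies.
LAN_INTERFACES = {"vr0": ["192.168.1.1/255.255.255.0"]}


def parse_map_rules(text):
    """Return (external_ifname, source_network) for each ipnat 'map' line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] == "map" and fields[3] == "->":
            rules.append((fields[1], ipaddress.ip_network(fields[2])))
    return rules


def uncovered_sources(rules, interfaces):
    """List map rules whose source network is not on any LAN interface."""
    nets = [ipaddress.ip_interface(addr).network
            for addrs in interfaces.values() for addr in addrs]
    return [(ifname, src) for ifname, src in rules
            if not any(src.subnet_of(net) for net in nets)]


def smallest_common_supernet(networks):
    """Smallest single prefix that contains every given network."""
    candidate = networks[0]
    while not all(net.subnet_of(candidate) for net in networks):
        candidate = candidate.supernet()
    return candidate


if __name__ == "__main__":
    rules = parse_map_rules(IPNAT_RULES)
    for ifname, src in uncovered_sources(rules, LAN_INTERFACES):
        print(f"map on {ifname}: no LAN interface address inside {src}")
    # The mask suggested in the last reply, applied to 192.168.1.1.
    widened = ipaddress.ip_interface("192.168.1.1/255.255.254.0").network
    for _, src in rules:
        print(f"{src} inside {widened}: {src.subnet_of(widened)}")
    print("smallest common prefix:",
          smallest_common_supernet([src for _, src in rules]))
```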