Hi all,

Up till now, I've had my home situation with one cable connection to the big bad internet, and a firewall in between it to handle all the filtering and NAT etc, running ipfilter.

Now that I'm adding a second uplink to the box (a DSL line) I'm seeing some problems with ipfilter, namely:

1) It will not properly redirect traffic to the DSL NIC; it always chooses the path the kernel routing table says or throws the packets into the bitbucket
2) When redirecting using ipnat on the new interface, there is an issue in the state-table, causing returning replies to be blocked (or again, sent out the wrong way, which makes the reply come from a different IP than the one the request was fired to .. a hilarious sight :)

Therefore I am thinking of swaying back to ipfw/natd on this box, but I have a few questions with regard to that:

1) The ipfw fwd command does exactly what I need in regard to selecting traffic to travel non-default paths, great! (not actually a question ;)
2) Will running two different natd's on different ports cause any issues?

My thought was to:

    # cable interface
    ipfw add 50 divert 8668 ip from any to any via xl0
    # dsl interface
    ipfw add 55 divert 8669 ip from any to any via xl1

and then the natd's:

    /sbin/natd -n xl0 -f /etc/natd.cable.conf
    /sbin/natd -n xl1 -p 8669 -f /etc/natd.dsl.conf

The config files have port redirects and the like in them. The firewall will be set to allow specific incoming traffic only, and the rest is allowed by state-checking.

Will this give me any unforeseen issues?

Gr,

-- 
Nils Vogels
PGP:0xC26BD15F Available on keyservers.
S@H:5118WU/6.940yr --> setiathome.ssl.berkeley.edu. Will you find aliens?
My other computer is your windows box.