On 2011-12-29 18:56, Joseph Yeager wrote:
Hello all, I got two ISP lines (1 Mb and 6 Mb) and was planning to route outgoing "guest traffic" thru the smaller one. Problem is my FW only has two NICs. If both external routers are connected to a Cisco switch as well as the external OpenBSD interface, is it possible to use route-to to send packets to the ISP gateway I choose? All the examples I found use three NICs. Thanks.

The key to figuring this out is a little more detail on the specifics of your ISP connections and provided devices. Are they using just basic modems or devices acting as gateways? If those devices are gateways then you could simply configure the internal side of those gateways to different subnets: say 192.168.1.0/24 for non guest traffic and 192.168.2.0/24 for guest traffic. The firewall will be assigned IPs from both subnets on the same interface via an alias. Your route-to rules for both sides of traffic would use the same network interface, but specify 192.168.2.1 (assuming .1 is the ISP gateway address) as the gateway IP for guest traffic.

The other side is if the ISP device is a modem/bridge/media converter and your firewall gets assigned the public IP addresses. In that case you need each connection to have a different gateway (which usually would mean the IPs are on different subnets). If they have different gateways, you can do the same thing as above except change the IP addresses to the public ones. If they happen to have the same gateway, I would look more into aggregating those links and then using ALTQ to throttle guest traffic on your firewall.

Both devices are modem/bridge/media converter and each provides 5 public IPs directly to the firewall. And as each subnet has its own gateway on a different subnet, I'll just try the vlan + alias + route-to approach.
Thanks!
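
The alias + route-to setup discussed in this thread, as an added pf.conf sketch that is not from either poster. Interface names, internal subnets and all addresses are assumptions (the public addresses are constructed from documentation ranges), and the route-to form shown is the one that takes an interface and gateway pair; OpenBSD 6.9 and later accept only the gateway address.

```conf
# Added example; every name and address below is a constructed assumption.
ext_if    = "em0"              # the single external NIC, on the switch with both modems
int_if    = "em1"              # internal NIC
main_ip   = "198.51.100.2"     # primary address on em0 (6 Mb line)
guest_ip  = "203.0.113.2"      # alias address on em0 (1 Mb line)
guest_gw  = "203.0.113.1"      # ISP gateway of the 1 Mb line
lan_net   = "192.168.10.0/24"
guest_net = "192.168.20.0/24"

# /etc/hostname.em0 carries both public subnets on the one interface:
#   inet 198.51.100.2 255.255.255.248
#   inet alias 203.0.113.2 255.255.255.248
# /etc/mygate holds the 6 Mb line's gateway, so the routing table only
# knows the main line; pf overrides the next hop for guest traffic.

# Source-NAT each internal subnet to the address that belongs to its line,
# so replies come back through the matching modem.
match out on $ext_if from $lan_net   nat-to $main_ip
match out on $ext_if from $guest_net nat-to $guest_ip

block all

# Non-guest traffic follows the default route.
pass in on $int_if from $lan_net to any

# Guest traffic leaves the same external NIC, but is handed to the
# 1 Mb line's gateway instead of the default one. Guests get no path
# to the internal LAN.
pass in on $int_if from $guest_net to ! $lan_net \
    route-to ($ext_if $guest_gw)

pass out on $ext_if
```

Load-test with `pfctl -nf /etc/pf.conf` before applying, and confirm with tcpdump on the external interface that guest packets carry the alias source address and the 1 Mb gateway's MAC as destination.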