 From:  William Marcelo Piovezan <william at uli dot com dot br>
 To:  Jean Everson Martina <everson at inf dot ufsc dot br>, pmok at optushome dot com dot au, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 2 wans one m0n0wall
 Date:  Wed, 27 Oct 2004 21:31:46 -0200
William.

At 13:36 27/10/2004, Jean Everson Martina wrote:
>I had some experience doing this stuff using BSDs. First I implemented a 
>policy routing that a friend told me about, using IPFW. It is very easy to do, 
>but it is not load balancing, it is just routing by source.
>
>The basics are:
>
>Build a kernel with these flags:
>
>options IPFIREWALL
>options IPFIREWALL_FORWARD
>options IPDIVERT
>
>and using this network scheme:
>
>xl0 (LAN):
>IP: 192.168.0.1
>Network: 192.168.0.0 / 255.255.255.0
>
>xl1 (ISP1):
>IP: 100.100.100.100
>Gateway: 100.100.100.1
>
>xl2 (ISP2):
>IP: 200.200.200.200
>Gateway: 200.200.200.1
>
>
>What you need is two natd running, like this:
>
>natd -s -n xl1 -p 8668
>natd -s -n xl2 -p 8669
>
>Have the default route pointing to one of the ISPs:
>
>route add default 100.100.100.1
>
>
>And the ipfw rules:
>
>00010 divert 8669 ip from any to 200.200.200.200 in recv xl2
>00020 divert 8669 ip from 192.168.0.8 to any out xmit xl1
>00030 fwd 200.200.200.1 ip from 200.200.200.200 to any
>00040 divert 8668 ip from any to 100.100.100.100 in recv xl1
>00050 divert 8668 ip from 192.168.0.5 to any out xmit xl1
>00060 allow ip from any to any
>65535 deny ip from any to any
>
>The trick is in rules 20 and 30. On rule 20 we send the packet to NATD on 
>xl2 for a packet going out on xl1. On rule 30 we forward all packets 
>coming from the xl2 IP to the next hop of ISP2.
>
>In this example the machine with IP 192.168.0.8 will go out using ISP2 and the 
>IP 192.168.0.5 will use ISP1. You can also play with packets by protocol 
>and port, not just machines...
>
>The whole article is at
>http://www.gamk.com.br/index.php?type=1&file=sourcert.txt, but it is in 
>Portuguese. But everything needed is stated in this e-mail. If people 
>really want to have it, I can talk with Diego to translate it.
>
>A better solution should be, when upgrading m0n0 to the 5.x platform, to use the 
>pf from OpenBSD. With pf we can really do load balancing, but this is 
>another problem :)
>
>
>Jean
>
>
>
>
>


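Added example, not part of the original message: a simplified Python model of how ipfw walks the quoted rule set for outbound LAN packets, where a packet reinjected by natd resumes at the rule after the divert rule and `fwd` or `allow` ends the search. The function name `trace_outbound` and the table layout are hypothetical; destination matching and inbound traffic are not modelled.

```python
# Simplified model (an assumption of this example): outbound packets only,
# rules matched on source address, direction and interface.
NAT_ALIAS = {8668: "100.100.100.100", 8669: "200.200.200.200"}  # natd port -> alias IP
DEFAULT_GW = "100.100.100.1"  # from "route add default" in the message

# (number, action, argument, source match, direction, interface)
RULES = [
    (10, "divert", 8669, "any", "in", "xl2"),
    (20, "divert", 8669, "192.168.0.8", "out", "xl1"),
    (30, "fwd", "200.200.200.1", "200.200.200.200", None, None),
    (40, "divert", 8668, "any", "in", "xl1"),
    (50, "divert", 8668, "192.168.0.5", "out", "xl1"),
    (60, "allow", None, "any", None, None),
    (65535, "deny", None, "any", None, None),
]

def trace_outbound(src, iface="xl1"):
    """Return (source address on the wire, next hop, rule numbers matched)."""
    hits, resume_after = [], 0
    while True:
        for num, action, arg, rule_src, direction, rule_if in RULES:
            if num <= resume_after:
                continue  # reinjected packet resumes after the divert rule
            if rule_src not in ("any", src):
                continue
            if direction is not None and (direction, rule_if) != ("out", iface):
                continue
            hits.append(num)
            if action == "divert":
                src = NAT_ALIAS[arg]  # natd rewrites the source, then reinjects
                resume_after = num
                break
            if action == "fwd":
                return src, arg, hits  # next hop overridden, search ends
            if action == "allow":
                return src, DEFAULT_GW, hits  # follows the default route
            return src, None, hits  # deny
        else:
            return src, None, hits  # no rule matched

if __name__ == "__main__":
    for host in ("192.168.0.8", "192.168.0.5", "192.168.0.9"):
        print(host, "->", trace_outbound(host))
```

The third host is not named in rule 20 or 50, so in this model rule 60 passes it toward the default gateway with its private source address unchanged.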