Heres the spiel. As a few may recall, I have a rather nice OpenBSD gateway setup to do NAT and firewalling. I have a pair of DSL lines coming in, one for email/ftp and the other for a web-gui. The gateway at this point doesnt do a whole hell of alot when it comes to the email/ftp pipe. I want it to now.
What I am curious about knowing is, is it possible to route SPECIFIC IP addresses thru the gateway to the email/ftp pipe? The gateway has three channels -- LAN and both WANs. Currently a bridge is doing the firewalling for the mail/ftp pipe. But both the gateway and bridge are behind a NAT enabled router.
Here is my network topolgy. The one change that I still need to make is the addition of the bridge. But that is really a moot point. The gateway is conencted to all three points -- both DSLs and the LAN.
Currently the gateway is set to NAT on the web-gui DSL pipe (McLeod DSL) and the email/ftp is done on the SBC pipe. I need to allow a few users (like me and my CIO) access to certain ftp sites that use the static IP of the SBC line as a "get past the firewall free" card. Hence the routing issue.
I tried doing a
and got a routing table entry, however that didnt quite work correctly at all. I am assuming that my logic is flawed.Code:route add -net FTP_IP 192.168.254.254 (192.168.254.254 is the IP for the DSL router that is doing the nat routing)
Any hints?
The only thing that I can think of would be to build a filter on the router/gateway that would allow access to that port for the servers and clients that need to use that port and block all other addresses, forcing them to go out the other port. This is not really my strong suit but here at work we have several different networks and use various filtering to control access. Sorry if this is useless info.
Well, if I understand you correctly, that is the opposite of what I need. I may have rambled too long, or misworded my needs above. But, I need to go out into the internet over the second DSL pipe. Rdr's dont work and routing table entries didnt work (although I could have done them wrong).
I just need to reroute a handful of IP requests to an alternate route.
Looking on the man page for route, I don't think it's possible to do it in BSD. I could do it with iptables though.
Here is yet another possible solution set your default gateway on those machines to be the IP of the static dsl line and let the gateway machine act as a network bridge.
I don't think what mmiller9 says will work. I don't think you can specify a gateway that's behind another gateway. If OpenBSD works like FreeBSD, there may be a possibility that you can divert the packets from each group of machines to different ports, and configure natd to route each port to a certain interface. I just can't figure out how to do it though. You've asked a tough question. You might ought to go to a BSD bbs and ask. I think there's a way to do it but I just don't know how.
Well, I feel better knowing that it isnt a blatant answer
First off, doing a pf/nat rule wont work. Thats actually was my first choice. I did look hard and long at the route manpage, and tried what seemed logical, but failed on all connection attempts.
I did go ever to Elmore's ScreamingElectron.org and the gurus there were lost as well. I figured possibly someone from the Linux gang possibly knows how.
Ill get on a BSD list and see whats up. As soon as I know whats up, Ill let you all know what the anwer is.
It has been a while since the last post on this subject and I was wondering if you found an answer to your problem?
No new info. I got a few gurus looking into it. I went back into the man pages and went over all of the route, pf, nat, and ifconfig commands up, down, left, right, sideways, backways, diagonally -- and cant seem to figure it out. Everyone is telling me that its an odd request, but should be possible -- somehow. As soon as I figure it out, you will be the next to know.
Posting Permissions
Reply With Quote
Bookmarks