Thread: Interesting routing question

  1. #1
    Schotty (Moderator, Good Guru)
    Join Date: Jul 2001
    Location: Milwaukee, WI
    Posts: 5,760

    Interesting routing question

    Here's the spiel. As a few may recall, I have a rather nice OpenBSD gateway set up to do NAT and firewalling. I have a pair of DSL lines coming in, one for email/ftp and the other for a web-gui. The gateway at this point doesn't do a whole hell of a lot when it comes to the email/ftp pipe. I want it to now.

    What I am curious about knowing is, is it possible to route SPECIFIC IP addresses thru the gateway to the email/ftp pipe? The gateway has three channels -- LAN and both WANs. Currently a bridge is doing the firewalling for the mail/ftp pipe. But both the gateway and bridge are behind a NAT-enabled router.

    Here is my network topology. The one change that I still need to make is the addition of the bridge. But that is really a moot point. The gateway is connected to all three points -- both DSLs and the LAN.

    Currently the gateway is set to NAT on the web-gui DSL pipe (McLeod DSL) and the email/ftp is done on the SBC pipe. I need to allow a few users (like me and my CIO) access to certain ftp sites that use the static IP of the SBC line as a "get past the firewall free" card. Hence the routing issue.

    I tried doing a

    Code:
    route add -net FTP_IP 192.168.254.254
    
    (192.168.254.254 is the IP for the DSL router that is doing the NAT routing)
    and got a routing table entry, however that didn't quite work correctly at all. I am assuming that my logic is flawed.

    Any hints?

  2. #2

    Re:Interesting routing question

    The only thing that I can think of would be to build a filter on the router/gateway that would allow access to that port for the servers and clients that need to use that port and block all other addresses, forcing them to go out the other port. This is not really my strong suit but here at work we have several different networks and use various filtering to control access. Sorry if this is useless info.

  3. #3
    Schotty (Moderator, Good Guru)

    Re:Interesting routing question

    Well, if I understand you correctly, that is the opposite of what I need. I may have rambled too long, or misworded my needs above. But, I need to go out into the internet over the second DSL pipe. Rdrs don't work and routing table entries didn't work (although I could have done them wrong).

    I just need to reroute a handful of IP requests to an alternate route.

  4. #4

    Re:Interesting routing question

    Looking on the man page for route, I don't think it's possible to do it in BSD. I could do it with iptables though.

  5. #5

    Re:Interesting routing question

    Here is yet another possible solution: set your default gateway on those machines to be the IP of the static DSL line and let the gateway machine act as a network bridge.

  6. #6

    Re:Interesting routing question

    I don't think what mmiller9 says will work. I don't think you can specify a gateway that's behind another gateway. If OpenBSD works like FreeBSD, there may be a possibility that you can divert the packets from each group of machines to different ports, and configure natd to route each port to a certain interface. I just can't figure out how to do it though. You've asked a tough question. You might ought to go to a BSD bbs and ask. I think there's a way to do it but I just don't know how.

  7. #7
    Schotty (Moderator, Good Guru)

    Re:Interesting routing question

    Well, I feel better knowing that it isn't a blatant answer.

    First off, doing a pf/nat rule won't work. That actually was my first choice. I did look hard and long at the route manpage, and tried what seemed logical, but failed on all connection attempts.

    I did go over to Elmore's ScreamingElectron.org and the gurus there were lost as well. I figured possibly someone from the Linux gang possibly knows how.

    I'll get on a BSD list and see what's up. As soon as I know what's up, I'll let you all know what the answer is.

  8. #8

    Re:Interesting routing question

    It has been a while since the last post on this subject and I was wondering if you found an answer to your problem?

  9. #9
    Schotty (Moderator, Good Guru)

    Re:Interesting routing question

    No new info. I got a few gurus looking into it. I went back into the man pages and went over all of the route, pf, nat, and ifconfig commands up, down, left, right, sideways, backways, diagonally -- and can't seem to figure it out. Everyone is telling me that it's an odd request, but should be possible -- somehow. As soon as I figure it out, you will be the next to know.

  10. #10

    Re:Interesting routing question

    I'm pretty sure something like that is possible with a Cisco router, with an ACL forwarding certain IPs to certain destinations, but really have no clue on BSD/Linux way.
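
Added example (not from any poster in this thread): the per-host, per-destination routing asked about in post #1, written as policy routing with pf's route-to option in pf.conf, combined with default deny so only the named hosts can use the SBC line. Interface names, LAN addresses and the FTP site address are constructed placeholders; only 192.168.254.254 comes from the thread.

```conf
# Added example, not from the thread. Interface names, LAN addresses and the
# FTP site address are constructed placeholders; only 192.168.254.254 (the
# SBC-side DSL router) comes from the original post.
lan_if    = "em0"              # LAN (assumed name)
mcleod_if = "em1"              # McLeod DSL, carries the default route (assumed name)
sbc_if    = "em2"              # SBC DSL side (assumed name)
sbc_gw    = "192.168.254.254"  # DSL router named in the post

table <sbc_users> const { 192.168.1.10, 192.168.1.11 }  # the few permitted hosts
table <ftp_sites> const { 192.0.2.10 }                  # sites that trust the SBC IP

set skip on lo
block log all                  # default deny; every exception is explicit below

# Translate on whichever WAN interface the packet actually leaves by.
match out on $mcleod_if inet from $lan_if:network nat-to ($mcleod_if)
match out on $sbc_if    inet from $lan_if:network nat-to ($sbc_if)

# Policy route: only the listed hosts, only to the listed sites, go via SBC.
# OpenBSD 6.9 and later syntax; older releases write route-to ($sbc_if $sbc_gw).
pass in quick on $lan_if inet proto tcp from <sbc_users> to <ftp_sites> \
    route-to $sbc_gw

# Everything else from the LAN follows the routing table (McLeod default route).
pass in  on $lan_if inet from $lan_if:network
pass out on $mcleod_if inet

# The SBC side carries nothing except the policy-routed FTP traffic.
pass out on $sbc_if inet proto tcp to <ftp_sites>
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it. Because the decision is made on source and destination together, a host outside `<sbc_users>` never reaches the SBC line, which a destination-only routing table entry cannot enforce.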
