Contributed by jose on from the dual-homed dept.
"I have a firewall/router that has two external interfaces on the internet, and one internal host attached to a third interface on the router. I really want both interfaces to route to the one internal host, and only a few select ports at that. Should I use rdr, nat, or binat? Ideally client machines accessing one of the external, static should believe that they are connected to a single host computer.
Thanks a lot in advance, Kevin"
By Anonymous Coward () on
By Andreas () davos@puffy.nu on
nat on $external_1 inet from ($internal)/24 to any -> ($external_1)
nat on $external_2 from ($internal)/24 to any -> ($external_2)
pass in on $internal route-to { ($external_1 $gateway_first), ($external_2 $gateway_second) } round-robin from ($internal)/24 to any keep state
Where $gateway_first and $gateway_second are the gateways of each interface. This could easily be extended with a few simple block quick or anything like that. I haven't actually tested this configuration, but hopefully it will work for you.
Comments
By Anonymous Coward () on
rdr on $ext_if1 proto tcp from any to any port 80 -> $webserver
rdr on $ext_if2 proto tcp from any to any port 80 -> $webserver
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
Comments
By Anonymous Hero () on
By hellsh0k () on
Pretty much deals with all multi-card and load balancing issues.
By Luca Cristelli () luca.cristelli@ies.it on
1. redirect (rdr) required ports to internal host
2. you need to route traffic between the two external nics:
http://www.benzedrine.cx/pf/msg02717.html
Hope it helps.
Luca.
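One way to write out the two steps above for the setup in the question, added here as an example and not taken from any poster or from the linked message. It uses pf's reply-to option, which the thread does not mention, so that answers leave through the link the connection arrived on. Interface names, addresses, gateways and ports are constructed placeholders, and the rdr lines use the pre-OpenBSD 4.7 translation syntax seen elsewhere on this page.

```pf
# Constructed values: every name and address below is a placeholder.
ext_if1  = "fxp0"            # first external interface
ext_gw1  = "192.0.2.1"       # upstream gateway on that link
ext_if2  = "fxp1"            # second external interface
ext_gw2  = "198.51.100.1"    # upstream gateway on that link
int_if   = "fxp2"            # interface facing the internal host
server   = "10.0.0.10"       # the single internal host
services = "{ 25, 80 }"      # the few ports that should be reachable

# Step 1: redirect only the selected ports, on each external interface.
# Anything else addressed to the router is not translated at all.
rdr on $ext_if1 inet proto tcp from any to ($ext_if1) port $services -> $server
rdr on $ext_if2 inet proto tcp from any to ($ext_if2) port $services -> $server

# Default deny, so an unlisted port is dropped and logged.
block log all

# Step 2: keep each connection on the link it came in on.
# rdr is applied before filtering, so these rules match the internal address.
# reply-to records the arrival interface and gateway in the state entry;
# without it, replies follow the router's single default route and can
# leave through the other provider with the wrong source address.
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) inet proto tcp \
    from any to $server port $services flags S/SA keep state
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) inet proto tcp \
    from any to $server port $services flags S/SA keep state

# Hand the redirected connections on to the internal host.
pass out on $int_if inet proto tcp \
    from any to $server port $services flags S/SA keep state
```

Loading it with `pfctl -nf` first parses the ruleset without installing it, and `pfctl -ss` afterwards shows which states were created for a test connection on each link.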
By Anonymous Coward () on
OR
Same, but alias the internal NIC.
By Kevin () on
Thanks again,
Kevin
Comments
By Anonymous Coward () on
By djm () on