
Re: Two internet connections on the same machine



On Wed, Sep 25, 2002 at 12:17:30PM -0300, Papo Napolitano wrote:
> Hi all,
> 
> I've already found it's not possible to have more than one default route...
> I have a 3.1 firewall with 3 network cards, xl0 for the internet access, xl1
> for the internal LAN and fxp0 for an ADSL modem.
> Is it possible to make one machine in the internal network use the ADSL to
> surf the net instead of the default route?
> Say, something like "if packet comes from 10.0.0.200 use tun0 else use xl0"
> 
> Is there any solution at all? If so... How?
> Thanks!
> 
It's already done ;)
but if anybody has a more elegant way, pls post

As I managed it, the dsl is used only for inet browsing, 
all the rest is done over the f.line and in case of "tdsl down"
(min. once per 24h ) all should be routed to the f.line

((( 
Due to some problems with squid as proxy (as cache it is fine)
I would like to hear any suggestion from you about a really light proxy,
mainly for routing and use of hostnames instead of IPs, 10x
)))

It is really crazy, but for now it is without troubles ;o)
So what I use is 2x squid.conf, 2x pf.conf, ppp.linkup, ppp.linkdown & dyndns

Basic explanation:
boot:
applying normal pf & nat rules (pf- nat-i)
get a name from dyndns over f.line
start squid without specifying $tcp_outgoing_address $hostname
     (no idea why, but it isn't possible otherwise :((((    )
start ppp in daemon mode for dsl 
ppp.linkup
  change the gateway to that of the dsl provider
  get the myhost.dnsalias.net for the dsl_ip_addr
  change the route back to the fixed line ip_addr
  apply with flush the pf and nat rules with "route-to"
  kill the previous instance of squid (i had problems with that)
  start squid with "tcp_outgoing_address myhost.dnsalias.net"
ppp.linkdown
  change the route back to the fixed line ip_addr
  apply with flush the pf and nat rules with "route-to"
  get the myhost.dnsalias.net for the dsl_ip_addr
  "squid -k reconfigure" is enough in this case


-----------------------------------------------------------
rc.local:

sh -c "sleep 60; /usr/local/bin/ipcheck.py -q -f --syslog -d /etc/ipcheck -i xl0 -w name passwd myhost.dnsalias.net" 
sh -c "sleep 60; /usr/local/bin/squid -D -u 0 -f /etc/squid/squid.conf- &"
sh -c "sleep 60; ppp -ddial tdsl"

-----------------------------------------------------------
squid.conf:
tcp_outgoing_address myhost.dnsalias.net

-----------------------------------------------------------
squid.conf-:
# tcp_outgoing_address myhost.dnsalias.net


-----------------------------------------------------------
pf-tdsl:

ext_if = 'xl0'
int_if = 'xl1'
tdsl = 'tun0'
squid_port = '{80, 443, 21, 20, 8080, 5800, 5900 }'
pass in  quick from $tdsl to 172.16.254.254/32
pass out quick from 172.16.254.254/32 to $tdsl
block in  on $tdsl from $spoofed to any
block out on $tdsl from any to $spoofed
pass out log quick on $ext_if route-to $tdsl proto tcp from $tdsl to any port $squid_port
pass in  quick on $tdsl inet proto tcp from any port $squid_port to any flags SA keep state
pass out quick on $tdsl inet proto tcp from any to any port $squid_port flags S/SRA
pass in  quick on $tdsl inet proto tcp from any to any port $squid_port flags S/SRA
pass out quick on $tdsl inet proto tcp from any port $squid_port to any flags SA keep state

-----------------------------------------------------------
pf-:

ext_if = 'xl0'
int_if = 'xl1'
# nothing about $tdsl and route-to

-----------------------------------------------------------
ppp.linkup:

tdsl:
 iface clear
 add 0 0 HISADDR
 !bg /usr/local/bin/ipcheck.py -q -f --syslog -d /etc/ipcheck -i tun0 -w name passwd myhost.dnsalias.net
 !bg route change default $fixed_ip_address
 !bg /sbin/pfctl -F rule -R /etc/pf-tdsl
 !bg /sbin/pfctl -F nat -N /etc/nat-i
 !bg sh -c "sleep 60; /usr/local/bin/squid -k kill"
 !bg /usr/local/bin/skill -9 squid
 !bg sh -c "sleep 60; /usr/local/bin/squid -D -u 0 -f /etc/squid/squid.conf &"

-----------------------------------------------------------
ppp.linkdown:

tdsl:
 iface clear
 !bg /usr/local/bin/ipcheck.py -q -f --syslog -d /etc/ipcheck -i xl0 -w name passwd myhost.dnsalias.net
 !bg route change default $fixed_ip_address
 !bg /sbin/pfctl -F rule -R /etc/pf-
 !bg /sbin/pfctl -F nat -N /etc/nat-i
 !bg /usr/local/bin/squid -k reconfigure


-----------------------------------------------------------


Greetings,
qstreb
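
The ppp.linkup and ppp.linkdown hooks in the message above flush and reload the pf ruleset as root every time the DSL link changes state. As an added example that is not part of the original post, this shell wrapper parse-checks the ruleset before running the post's flush-and-load command; the function names, the `PFCTL` override and the availability of `pfctl -n` together with `-R` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the PFCTL
# override are assumptions; the ruleset paths are the ones used in the post.
PFCTL="${PFCTL:-/sbin/pfctl}"
RULES_UP="${RULES_UP:-/etc/pf-tdsl}"    # ruleset with route-to, DSL link up
RULES_DOWN="${RULES_DOWN:-/etc/pf-}"    # ruleset without tdsl, DSL link down

# switch_ruleset FILE
# Returns 0 loaded, 1 file rejected, 2 parse error (nothing flushed),
# 3 load failed after a clean parse.
switch_ruleset() {
    rules="$1"
    if [ ! -f "$rules" ] || [ ! -r "$rules" ]; then
        echo "switch_ruleset: cannot read $rules" >&2
        return 1
    fi
    # The hook runs as root: refuse a ruleset other users could have edited.
    if [ -n "$(find "$rules" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "switch_ruleset: $rules is group/world writable" >&2
        return 1
    fi
    # Assumption: this pfctl accepts -n (parse only, load nothing) with -R.
    if ! "$PFCTL" -n -R "$rules" >/dev/null 2>&1; then
        echo "switch_ruleset: $rules does not parse, keeping current rules" >&2
        return 2
    fi
    # Same flush-and-load command the post uses, reached only after the check.
    "$PFCTL" -F rule -R "$rules" || return 3
    return 0
}

# link_event up|down : pick the ruleset for the new link state.
link_event() {
    case "$1" in
        up)   switch_ruleset "$RULES_UP" ;;
        down) switch_ruleset "$RULES_DOWN" ;;
        *)    echo "usage: link_event up|down" >&2; return 64 ;;
    esac
}
```

From ppp.linkup the hook line would source this file and call `link_event up`; a non-zero return means the previously loaded rules are still in place.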