Subject: Re: multihoming for SOHO lan
To: None <current-users@netbsd.org>
From: Paul Newhouse <newhouse@pimin.rockhead.com>
List: current-users
Date: 03/23/1999 22:51:15
Platform i386:
Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com> wrote:
> newhouse@pimin.rockhead.com (Paul Newhouse) writes:
> > I think I can solve this by having the cable traffic NAT'd into
> > a subnet, say 172.16.1.0/24. The subnet can be routed back to the
> > cable modem's DHCP assigned address.
>
> You have to worry about the return traffic from your machine back to
> the internet. If your routing table's route for a destination points
> one way, your packets are going to go in that direction, no matter
> what the source address is. If your ISPs filter by source address
> (like TCI/athome does) you really need to make sure the source address
> is correct for the port you are going to send the packet out of.
>
> What you need is a way to route based on source address. Luckily
> ipfilter is up to this task. You need to use the "route" option to
> nudge the packets that were about to go out a bad port, back to the
> correct port. This is what I use:
>
> pass out log quick on de0 to de1:mygateway from 140.174.88.1/32 to any

Wow! It would have taken me a long time to come up with that based on the
manpage and the examples.

I'm pretty sure I don't understand exactly what this does. Let me take
a guess and PLEASE correct me where I go wrong.

quick
    If a match then don't check any more rules. So I should put this after
    any other de0 rules?

pass out on de0
    This would be the cable modem port, where I really want it to go.

to de1:mygateway
    This would be where it was going. The default route on de1 and the
    default route's gateway address? The man page says:

        "dup-to" interfacename[":" ipaddr]

    I take it the "dup-" isn't necessary or in this case is wrong? Is the
    man page not quite right?

from 140.174.88.1/32
    This is the DHCP assigned address for the cable modem port?

to any
    Meaning I'm responding to some arbitrary originator.

TIA,
Paul

204.219.89.41/29          +----------------+     +------+
---DSL connection---------|ne1          ex0|-----| W98  | 205.219.89.44/29
                          | router/switch  |     +------+ 172.16.89.44/24
                          |    gateway     |------others
0/32                      |   NetBSD box   |     +------+
--cable connection--------|ne0          de1|-----|NetBSD| 205.219.89.46/29
                          +----------------+     +------+ 172.16.89.46/24
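
Added example (not part of the original message, and not code from either poster or from ipfilter): a simplified Python model of the quoted rule, showing that a destination-only route lookup ignores the source address and how the "to" option redirects a matching packet. Assumptions: the routing table, the 198.51.100.0/29 range, the destination 203.0.113.9 and the per-interface ISP filters are constructed sample data, and de1 is taken to be the uplink whose ISP assigned 140.174.88.1.

```python
import ipaddress
import re

# Rule quoted in the message; "mygateway" is the poster's own placeholder name.
RULE = "pass out log quick on de0 to de1:mygateway from 140.174.88.1/32 to any"
RULE_RE = re.compile(
    r"pass out (?:log )?(?P<quick>quick )?on (?P<iface>\S+) "
    r"to (?P<to_if>[^:\s]+)(?::(?P<gw>\S+))? from (?P<src>\S+) to (?P<dst>\S+)$")

# Constructed sample data: the default route leaves via de0; each ISP accepts
# only the source range it assigned (198.51.100.0/29 is a documentation range).
TABLE = [(ipaddress.ip_network("0.0.0.0/0"), "de0")]
ISP_ALLOWED = {"de0": ipaddress.ip_network("198.51.100.0/29"),
               "de1": ipaddress.ip_network("140.174.88.1/32")}

def net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError("unsupported rule: " + text)
    r = m.groupdict()
    r.update(quick=bool(r["quick"]), src=net(r["src"]), dst=net(r["dst"]))
    return r

def route_lookup(table, dst):
    """Destination-only longest-prefix match; the source address plays no part."""
    hits = [(n, ifc) for n, ifc in table if ipaddress.ip_address(dst) in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def egress(table, rules, src, dst):
    """Return (interface, next_hop) after the outbound rules have run."""
    iface = route_lookup(table, dst)
    result = (iface, None)
    for r in rules:
        if (r["iface"] == iface and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]):
            result = (r["to_if"], r["gw"])   # "to" overrides the routing table
            if r["quick"]:
                break                        # "quick": stop at this rule
    return result

def isp_accepts(iface, src):
    """Source-address filtering as the ISP applies it on each uplink."""
    return ipaddress.ip_address(src) in ISP_ALLOWED[iface]
```

In this model a packet sourced from 140.174.88.1 follows the default route to de0, where the source filter would reject it; with the rule loaded it leaves de1 via mygateway instead, while other sources stay on de0.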