Hello,
My server has 2 public IP from 2 different providers and the internal network IP, lets say:
ISP 1:
IP: 1.2.3.4
Gateway: 1.2.3.1
ISP 2:
Ip 5.6.7.8
Gateway: 5.6.7.1
Internal network:
IP: 172.16.2.2
Gateway: 172.16.2.1
Target Machine: 172.16.2.10
What i want to do is that if someone goes to either IP in port 80, it sends the request to a single machine (target machine) on the internal network on port 80.
So far i was playing with IPFW and Natd, with IPFW i had the rules like:
I test that first to make sure packages were traveling ok when a request went to the specific IP, then i was using natd with a conf like this:
And i add a rules to the ipfw like this:
I know i have something wrong in my rules basically what to tell the packages to do after they 'divert' but i just can figure it out i have try quite some alternatives as skiping to 500 or 600 depending on the case but it is not working, actually i run natd in verbose mode and i see it is getting the inbound request but is not sending the answer.
Yes, i read the man for natd and i know it has to do with the global port and i know they have a similar sample there but i just can't make it work.
Can you guys please point me into the right direction.
My FreeBSD 8 is amd64, i recompile the kernel with IPFIREWALL, IPFIREWALL_DEFAULT_TO_ACCEPT, DIVERT, IPFIREWALL_FORWARD.
My server has 2 public IP from 2 different providers and the internal network IP, lets say:
ISP 1:
IP: 1.2.3.4
Gateway: 1.2.3.1
ISP 2:
Ip 5.6.7.8
Gateway: 5.6.7.1
Internal network:
IP: 172.16.2.2
Gateway: 172.16.2.1
Target Machine: 172.16.2.10
What i want to do is that if someone goes to either IP in port 80, it sends the request to a single machine (target machine) on the internal network on port 80.
So far i was playing with IPFW and Natd, with IPFW i had the rules like:
Code:
ipfw add fwd 1.2.3.1 ip from 1.2.3.4 to not 1.2.3.4 out
ipfw add fwd 5.6.7.1 ip from 5.6.7.8 to not 5.6.7.8 outI test that first to make sure packages were traveling ok when a request went to the specific IP, then i was using natd with a conf like this:
Code:
log
deny_incoming
verbose
instance default
interface ste0
port 8668
redirect_port tcp 172.16.2.10:80 80
instance second
interface ste1
port 6886
redirect_port tcp 172.16.2.10:80 80
globalport 3000And i add a rules to the ipfw like this:
Code:
ipfw add 100 skipto 300 ip from any to any in recv ste0
ipfw add 200 skipto 400 ip from any to any in recv ste1
ipfw add 300 divert 8668 ip from any to any
ipfw add 400 divert 6886 ip from any to any
ipfw add 500 fwd 1.2.3.1 ip from 1.2.3.4 to not 1.2.3.4 out
ipfw add 600 fwd 5.6.7.1 ip from 5.6.7.8 to not 5.6.7.8 outI know i have something wrong in my rules basically what to tell the packages to do after they 'divert' but i just can figure it out i have try quite some alternatives as skiping to 500 or 600 depending on the case but it is not working, actually i run natd in verbose mode and i see it is getting the inbound request but is not sending the answer.
Yes, i read the man for natd and i know it has to do with the global port and i know they have a similar sample there but i just can't make it work.
Can you guys please point me into the right direction.
My FreeBSD 8 is amd64, i recompile the kernel with IPFIREWALL, IPFIREWALL_DEFAULT_TO_ACCEPT, DIVERT, IPFIREWALL_FORWARD.