
routing between 2 external, 1 internal interface
I've currently got an OpenBSD 2.9 box running as a Firewall/NAT machine
between an internal network and a DSL line, works wonderfully. But I
need a little help...if anyone can answer anything here, I'd be
grateful.

I'm planning on replacing the DSL line with 2 T1s from separate ISPs,
and splitting off internet services into a DMZ (web, SMTP, etc),
for a total of 4 NICs. Thus, I'm having to get into routing, something
I'm new at.


ISP1 ---|                       |--DMZ (public IPs, no NAT needed)
        OBSD Firewall/Router/NAT
ISP2 ---|                       |--Internal Network (192.168.1.x)

I've been using IPF/IPNAT with just 2 NICs. A couple things come to
mind.

1) As far as internal traffic getting out, what do I map the internal
addresses to? Each NIC for ISP1/ISP2 will have different addresses, no?
I just want the traffic to take whichever route is faster, but if I map
to the address of ISP1's NIC, will it default to using only that line,
or can it still route through ISP2?

2) What would I put in /etc/mygate? Obviously the default gateway for
clients on the internal network is 192.168.1.1 (in the example above),
and for the DMZ servers it would be the IP of the DMZ NIC in the
router. But what do I put in on the router itself, the IP of ISP1's
gateway, ISP2's gateway, both, or does it not matter which? I would
assume this would affect forwarding between internal/Internet or
DMZ/Internet, but I don't know what the proper entry would be.

3) Am I going to need a userland daemon of some sort? I don't need
anything really complicated, I just want packets to take the
shortest/fastest route to wherever they're going. Obviously stop
using one if it goes down. How much can OpenBSD do by itself?

4) If #3 is 'yes', what should I use? I've looked at zebra some, and a
little at gated...what's the way to go? After that, which protocol
makes the most sense - OSPF, BGP...others? What fits in well with
IPF/IPNAT?

5) (Last one, I promise) I was planning on using whatever equipment was
provided with the T1 lines, and/or using whatever was suggested by the
ISPs, with this OpenBSD box behind them (Cisco 1700s or whatever). I
read a thread debating between the Cisco 2600 vs. connecting the T1
straight into an OpenBSD box. Beyond the point of ISP support, any
strong opinions one way or the other? If a PCI T1 interface is the way
to go, what cards exist? LAN Media was recommended in the aforementioned
thread (now owned by SBEI, but they still have a T1 card). Their site
says it supports HDLC, PPP, and Frame Relay, so if OBSD 'gets' Frame
Relay correctly (and SBEI isn't lying) I wouldn't have to fight
with the ISP about using different encapsulation.

That's it for now, thanks in advance.
Jake