Subject: Re: multihoming for SOHO lan
To: None <current-users@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 03/24/1999 09:39:02
newhouse@pimin.rockhead.com (Paul Newhouse) writes:
> Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com> wrote:
> >   pass out log quick on de0 to de1:mygateway from 140.174.88.1/32 to any
> Wow! It would have taken me a long time to come up with that based on the
> manpage and the examples.

I must admit, it took me a while too.  I had actually started hacking
my kernel and rtalloc() and friends to understand an optional source
address constraint, but that turned out to be real work.  (and I've
developed an aversion to real work. ;-))
>    quick
> If a match then don't check any more rules.  So I should put this after
> any other de0 rules?

correct

>    pass out on de0 
> 
> This would be the cable modem port, where I really want it to go.
> 
>    to de1:mygateway

These two explanations are interchanged.

The "pass out on de0" breaks down to:  "pass" and "out" "on de0".

    pass: put this packet in the "good" bin.  Mark for further "good"
    treatment.

    out: only apply this rule to outgoing packets.

    on de0: only apply this rule to packets going to "de0" 

    to de1:mygateway: re-route this packet to "mygateway" using
    interface "de1".  In effect force a particular interface/MAC-addr  
    selection without going through the routing table.

> This would be where it was going.  The default route on de1 and the
> default routes gateway address?  The man page says:
> 
>    "dup-to" interfacename[":" ipaddr]
> I take it the "dup-" isn't necessary or in this case is wrong? Is the man page
> not quite right?

Correct.  You don't want to duplicate this.  You want to rip it out of
the queue and hand-route it.

>    from 140.174.88.1/32

> This is the DHCP assigned address for the cable modem port? 

correct.

Apply this rule to a packet with this source address.

>   to any
> 
> Meaning I'm responding to some arbitrary originator.

correct.

Apply this rule to a packet with "any" destination address.


>   204.219.89.41/29        +----------------+     +------+
> ---DSL connection---------|ne1          ex0|-----| W98  |  205.219.89.44/29
>                           | router/switch  |     +------+  172.16.89.44/24
>                           |   gateway      |------others
>         0/32              |  NetBSD box    |     +------+
> --cable connection--------|ne0          de1|-----|NetBSD|  205.219.89.46/29
>                           +----------------+     +------+  172.16.89.46/24

This setup will work just fine.  You'll need two hand-routing rules,
one for each of ne1 and ne0.

The dhcp on ne0 is an interesting twist.  A simple sed/perl hack to
/etc/ipf.conf and an "ipf -F a -f /etc/ipf.conf" at new-lease time
should do the trick.  The current dhclient has sported all sorts of
runtime hooks.

-wolfgang
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
                    http://www.wsrcc.com/wolfgang/
DGPS signals via the Internet  http://www.wsrcc.com/wolfgang/gps/dgps-ip.html
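As an added illustration that is not part of the post (neither Wolfgang's nor Paul's code), here is a dhclient hook in the spirit of the "sed hack plus ipf -F a -f" idea above: it regenerates the two hand-routing rules for ne1/ne0 from the new lease and reloads ipf. The interface names and 204.219.89.41 come from the diagram; the DSL next hop, the file names and the ISC dhclient-script variables ($reason, $new_ip_address, $new_routers) are assumptions.

```shell
#!/bin/sh
# Constructed example: rebuild /etc/ipf.conf at new-lease time so the cable
# side's hand-routing rule always carries the current DHCP address.
set -eu

DSL_IF=ne1;  DSL_ADDR=204.219.89.41;  DSL_GW=204.219.89.42   # assumed DSL next hop
CABLE_IF=ne0                                                  # addr/gw come from the lease
STATIC_RULES=${STATIC_RULES:-/etc/ipf.conf.static}            # assumed: your ordinary rules
IPF_CONF=${IPF_CONF:-/etc/ipf.conf}

# One hand-routing rule: a packet sourced from $3 that the routing table would
# send out $1 is instead forced out $2 via gateway $4.  "to" reroutes the
# packet; "dup-to" would copy it, which is not what is wanted here.
hand_route_rule() { # wrong_if right_if src_addr gw
    printf 'pass out log quick on %s to %s:%s from %s/32 to any\n' "$1" "$2" "$4" "$3"
}

# Both rules, one per interface, so each source address leaves by its own
# link regardless of which interface currently carries the default route.
gen_rules() { # cable_addr cable_gw
    hand_route_rule "$CABLE_IF" "$DSL_IF"   "$DSL_ADDR" "$DSL_GW"
    hand_route_rule "$DSL_IF"   "$CABLE_IF" "$1"        "$2"
}

# Full ruleset: static rules first, the "quick" hand-routing rules last, since
# "quick" stops evaluation at the first match.
render_conf() { # static_file cable_addr cable_gw
    cat "$1"
    gen_rules "$2" "$3"
}

# Hook body (assumed to be sourced from dhclient's exit hooks): only act on
# lease events that actually deliver an address.
apply_lease() {
    case "${reason:-}" in
        BOUND|RENEW|REBIND|REBOOT)
            gw=${new_routers%% *}                 # first router in the lease
            render_conf "$STATIC_RULES" "$new_ip_address" "$gw" > "$IPF_CONF.tmp"
            mv "$IPF_CONF.tmp" "$IPF_CONF"
            ipf -F a -f "$IPF_CONF"               # flush all, load the new set
            ;;
    esac
}

apply_lease
```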