This is a discussion on Re: Multi-homed Solaris 10 setup question within the IPFilter forums, part of the System Security and Security Related category.
Thomas Backman wrote:
> ...
> My setup is, or rather my goal is, as follows:
>
> elxl0 - DHCP (ISP #1) - 83.x.x.x/19
> elxl1 - DHCP (ISP #2) - 217.x.x.x/24
> nge0 - static IP (LAN) - 192.168.1.1/24
> ...
> I want elxl1 to be used by the *other* computers on the LAN, via NAT.
> This is already set up and working great, thanks to IPF.
> elxl0 is currently not connected, however. I'd like that connection to
> be used by the server itself. In other words, when I open a web page
> on 192.168.1.4, the connection goes through the router box and exits on
> elxl1 via NAT. So far so good. If I open the web page from a browser
> on the server itself, I want it to exit on elxl0.
> This way, I can do server stuff (FTP/WWW-serving and torrents) on the
> elxl0 connection (83.x.x.x), while having uninterrupted
> browsing/chatting etc on the elxl1 connection (217.x.x.x).

So, a couple of things...

I think what you need to do on your server is write rules like this in ipf.conf:

    pass out quick on elxl1 to elxl0:nexhop_ip# from elxl1/32 to any

and also write a NAT rule like this for ipnat.conf:

    map elxl0 from elxl1-ip-addr# to any -> 0/32

Darren