This is a discussion on Re: Multi-homed Solaris 10 setup question within the IPFilter forums, part of the System Security and Security Related category.
On Sep 1, 2007, at 11:58 PM, Darren Reed wrote:

> Thomas Backman wrote:
>> ...
>> My setup is, or rather my goal is, as follows:
>>
>> elxl0 - DHCP (ISP #1) - 83.x.x.x/19
>> elxl1 - DHCP (ISP #2) - 217.x.x.x/24
>> nge0 - static IP (LAN) - 192.168.1.1/24
>> ...
>> I want elxl1 to be used by the *other* computers on the LAN, via
>> NAT. This is already set up and working great, thanks to IPF.
>> elxl0 is currently not connected, however. I'd like that
>> connection to be used by the server itself. In other words, when I
>> open a web page on 192.168.1.4, the connection goes through the
>> router box and exits on elxl1 via NAT. So far so good. If I open
>> the web page from a browser on the server itself, I want it to
>> exit on elxl0.
>> This way, I can do server stuff (FTP/WWW-serving and torrents) on
>> the elxl0 connection (83.x.x.x), while having uninterrupted
>> browsing/chatting etc on the elxl1 connection (217.x.x.x).
>
> So, a couple of things...
>
> I think what you need to do on your server is write rules like this
> in ipf.conf:
>
>     pass out quick on elxl1 to elxl0:nexthop_ip# from elxl1/32 to any
>
> and also write a NAT rule like this for ipnat.conf:
>
>     map elxl0 from elxl1-ip-addr# to any -> 0/32
>
> Darren

Thanks for the reply, but I'm not having much luck. I found an odd thing while testing, too.

Some basic info first:

    elxl0: 217.211.83.81, gateway 217.211.83.1
    elxl1: 83.253.61.242, gateway 83.253.32.1

Now, on to the odd stuff. This was run on the server/router box itself; 195.x is my ISP's DNS server.

    exscape ~ # traceroute 195.67.199.12
    traceroute: Warning: Multiple interfaces found; using 83.253.61.242 @ elxl1
    traceroute to 195.67.199.12 (195.67.199.12), 30 hops max, 40 byte packets
     1  gw-n2fls35o1121.telia.com (217.211.83.1)  4.147 ms  4.201 ms  4.177 ms
    ....

Note how it says "using 83... @ elxl1", yet it goes through the elxl0 gateway.

At the time, my config was:

    pass out quick on elxl1 to elxl0:217.211.83.1 from elxl1/32 to any

    empty list for ipfilter(in) (default is pass)

    List of active MAP/Redirect filters:
    map elxl0 192.168.1.0/24 -> 0.0.0.0/32
    map elxl0 from 83.253.61.242/32 to any -> 0.0.0.0/32

and with a default route to 83.253.32.1 (no dual default routes).

No luck in any of my tests. I don't know how the default routes should be set up, either. It seems that if I delete the default route for the NATed NIC, browsing on the other computers doesn't work... But if I keep both default routes, I suppose Solaris will do round-robin or such, which I don't want (I want all server-originating traffic on a single connection, remember).

Any hints? As you might notice, I have very little idea what I'm doing here, at least the ipfilter-related parts, but I'd love it if I could get this working - it'd be a waste to not use both connections, and I'd rather not switch back to Linux.

Regards,
Thomas
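Editor's note with an added example (this is not code from the thread, from Darren, or from IPFilter). The "odd thing" in the traceroute above is the signature of an IPFilter "pass out ... to elxl0:<gateway>" rule: the kernel's routing table still chooses the source address and the interface that traceroute reports in its "using ... @ elxl1" warning, while the filter then changes the egress interface and next hop, so only the first-hop router tells you which link the packets really left on. The script below turns that observation into a repeatable check. It assumes the two gateway addresses and interface names Thomas posted and the Solaris traceroute message format shown in his output; the function names and the second, hypothetical sample are invented for the example.

```shell
#!/bin/sh
# Added example; not code from the thread.  It reads traceroute output of
# the kind Thomas pasted and reports which link the probes actually left
# on.  With an IPFilter "pass out ... to elxl0:<gw>" rule the routing
# table still picks the source address (the "using ... @ elxl1" warning),
# while the filter changes the egress interface, so only the first hop
# tells you where the packets went.  Interfaces, addresses and gateways
# are the ones from the post; the function names are this example's own.

# Map a first-hop router address back to the interface it sits behind
# (gateways as posted by Thomas).
if_of_gw() {
    case "$1" in
        217.211.83.1) echo elxl0 ;;
        83.253.32.1)  echo elxl1 ;;
        *)            return 1 ;;
    esac
}

# Interface traceroute chose for the source address, from the line
# "traceroute: Warning: Multiple interfaces found; using A.B.C.D @ ifname".
# Prints nothing if the warning is absent (single-homed host).
source_iface() {
    sed -n 's/^traceroute: Warning: Multiple interfaces found; using [0-9.]* @ \([A-Za-z0-9]*\).*/\1/p' | head -n 1
}

# First-hop router address, from the hop-1 line " 1  name (A.B.C.D)  ... ms".
first_hop() {
    awk '$1 == "1" { gsub(/[()]/, "", $3); print $3; exit }'
}

# Verdict for one traceroute run read from stdin:
#   consistent:<if>          first hop is the gateway of the source interface
#   rerouted:<src-if>-><if>  first hop belongs to the other link (a "to" rule
#                            or a route you did not expect moved the packets)
#   unknown-hop:<addr>       first hop is not one of the two known gateways
check_egress() {
    out=$(cat)
    src_if=$(printf '%s\n' "$out" | source_iface)
    hop=$(printf '%s\n' "$out" | first_hop)
    if ! egress_if=$(if_of_gw "$hop"); then
        echo "unknown-hop:$hop"
    elif [ "$src_if" = "$egress_if" ]; then
        echo "consistent:$egress_if"
    else
        echo "rerouted:$src_if->$egress_if"
    fi
}

# Constructed sample 1: the output Thomas posted (trailing hops omitted).
POSTED_TRACE='traceroute: Warning: Multiple interfaces found; using 83.253.61.242 @ elxl1
traceroute to 195.67.199.12 (195.67.199.12), 30 hops max, 40 byte packets
 1  gw-n2fls35o1121.telia.com (217.211.83.1)  4.147 ms  4.201 ms  4.177 ms'

# Constructed sample 2 (hypothetical): what the same command would print if
# nothing redirected the packets off the default-route interface elxl1.
PLAIN_TRACE='traceroute: Warning: Multiple interfaces found; using 83.253.61.242 @ elxl1
traceroute to 195.67.199.12 (195.67.199.12), 30 hops max, 40 byte packets
 1  83.253.32.1 (83.253.32.1)  3.902 ms  3.871 ms  3.880 ms'

printf '%s\n' "$POSTED_TRACE" | check_egress   # rerouted:elxl1->elxl0
printf '%s\n' "$PLAIN_TRACE" | check_egress    # consistent:elxl1
```

On the box itself you would pipe real output in, e.g. `traceroute 195.67.199.12 2>&1 | sh -c '. ./check.sh; check_egress'`, with stderr merged because the "Multiple interfaces" warning is printed there. A "rerouted" verdict with the posted rule set is what the "to elxl0:217.211.83.1" rule is supposed to produce; the source address still being elxl1's is why Darren paired it with the ipnat map rule, which rewrites it after the filter has moved the packet onto elxl0.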