[gate:~] # sysctl net.inet.ip.forwarding
[gate:~] # sysctl net.inet.ip.forwarding=1
[gate:~] # cat /etc/rc.conf
... gateway_enable="YES" ...
[gate:~] # /etc/rc.d/routing restart
root@gate:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
root@gate:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
root@gate:~# cat /etc/sysctl.conf
... net.ipv4.ip_forward=1 ...
root@gate:~# sysctl -f
[gate:~] # netstat -rn -f inet
[gate:~] # route delete default
[gate:~] # route add default 172.16.1.254
[gate:~] # route add 192.168.Y/24 172.16.1.Y
[gate:~] # route delete 192.168.Y/24
delete net 192.168.Y.0
[gate:~] # route -n flush
root@gate:~# netstat -rn
root@gate:~# route -n
root@gate:~# route del default
root@gate:~# route add default gw 172.16.1.254
root@gate:~# route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
root@gate:~# route del -net 192.168.Y.0 netmask 255.255.255.0
# route add -host 192.168.100+X.201 reject
# route del -host 192.168.100+X.201 reject
[gate:~] # cat /etc/rc.conf
...
defaultrouter="172.16.1.254"
gateway_enable="YES"
static_routes="netY netZ"
route_netY="192.168.Y.0/24 172.16.1.Y"
route_netZ="192.168.Z.0/24 172.16.1.Z"
...
[gate:~] # /etc/rc.d/routing start
root@gate:~# cat /etc/network/interfaces
...
up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
up route add -net 192.168.Z.0 netmask 255.255.255.0 gw 172.16.1.Z
[gate:~] # pkg_add -r quagga
[gate:~] # cd /usr/local/etc/quagga/
root@gate:~# apt-get install quagga
root@gate:~# cd /etc/quagga/
gate# cat zebra.conf
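! 'zebra' is a lab placeholder password; the vty is reached over telnet, so set a unique value before using this config outside the lab
hostname gate_zebra
password zebra
enable password zebra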
gate# cat ospfd.conf
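! 'zebra' is a lab placeholder password; replace it before using this config outside the lab
! no OSPF authentication is configured in this lab setup
hostname gate_ospfd
password zebra
enable password zebra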
[gate:~] # cat /etc/rc.conf
...
quagga_enable="YES"
quagga_daemons="zebra ospfd"
[gate:~] # /usr/local/etc/rc.d/quagga start
root@gate:~# cat /etc/quagga/daemons
... zebra=yes ... ospfd=yes ...
root@gate:~# chown -R quagga /etc/quagga/
root@gate:~# /etc/init.d/quagga start
gate# telnet localhost ospfd
gate_ospfd> en
gate_ospfd# conf term
gate_ospfd(config)# router ospf
gate_ospfd(config-router)# network 172.16.1.0/24 area 0
gate_ospfd(config-router)# redistribute connected
gate_ospfd(config-router)# end
gate_ospfd# show ip ospf neighbor
gate_ospfd# write
gate_ospfd# exit
gate# netstat -rn
gate# telnet localhost zebra
server_zebra> show ip route
server_zebra> exit
gate# netstat -rn
[gate:~] # cat /etc/rc.conf
... router_enable="YES" router_flags="-s" ...
[gate:~] # /etc/rc.d/routed start
[gate:~] # netstat -rn -f inet
...
192.168.Y 172.16.1.Y UG 0 0 fxp0
...
http://www.opennet.ru/openforum/vsluhforumID1/63044.html
# cat /etc/pf.conf
nat on em1 from 192.168.X/24 to any -> 172.16.1.X
nat on em3 from 192.168.X/24 to any -> 172.16.2.X
pass in quick on em0 from 192.168.X.0/24 to em0
pass in on em0 route-to (em1 172.16.1.254) from 192.168.X/25 to any
pass in on em0 route-to (em3 172.16.2.254) from 192.168.X.128/25 to any
# cat /etc/iproute2/rt_tables
# ip route show table local
# ip route show table main
# ip route add default via 172.16.1.254 table 101
# ip route add default via 172.16.2.254 table 102
# ip route show table 101
# ip route show table 102
# ip rule add from 192.168.X.0/25 table 101
# ip rule add from 192.168.X.128/25 table 102
# ip rule add from 192.168.X.0/24 to 192.168.X.0/24 table main
# ip rule show
# ip rule del from any table 101
# ip rule del from any table 102
# cat nat.sh
# Rebuild the source-NAT rules for the internal LAN on both uplinks.
# "X" is the placeholder used throughout this page; substitute the real
# octet before running.
lan_net=192.168.X.0/24

# Remove every rule from every chain of the nat table, including rules this
# script did not add; re-running the script therefore does not duplicate
# the rules below.
iptables -t nat -F

# One SNAT rule per uplink: packets from the LAN leaving through that
# interface get the uplink-side address as their source.
iptables -t nat -A POSTROUTING -o eth1 -s "$lan_net" -j SNAT --to-source 172.16.1.X
iptables -t nat -A POSTROUTING -o eth3 -s "$lan_net" -j SNAT --to-source 172.16.2.X

# Flush the connection-tracking table so existing flows are matched against
# the new rules. This discards tracking state for every connection on the
# host, not only the NATed ones.
conntrack -F
# iptables-save -c > /etc/iptables.rules
# cat /etc/rc.local
...
# Create tables with specific routing
ip route add default via 172.16.1.254 table 101
ip route add default via 172.16.2.254 table 102
# Insert rules for choosing traffic for tables
ip rule add from 192.168.X.0/25 table 101
ip rule add from 192.168.X.128/25 table 102
ip rule add from 192.168.X.0/24 to 192.168.X.0/24 table main
exit 0