From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 19:28:06 2005
Date: Tue, 28 Jun 2005 12:28:51 -0700
From: Julian Elischer
To: Chuck Swiger
Cc: Jeremie Le Hen, net@freebsd.org
Subject: Re: Julian's networking challenge 2005
Message-ID: <42C1A4F3.2010403@elischer.org>
In-Reply-To: <42C18A37.7060109@mac.com>
References: <42C0DB3B.6000606@elischer.org> <20050628074640.GY1283@obiwan.tataz.chchile.org> <42C18A37.7060109@mac.com>
List-Id: Networking and TCP/IP with FreeBSD

Chuck Swiger wrote:
> Jeremie Le Hen wrote:
> [ ... ]
>
>> PS: I'm seeing more and more requests about routing limitations in
>> FreeBSD every day, such as lack of multiple routing tables support, lack
>> of source routing (as well as higher level protocol based routing).
>> Are there actually some projects that are being worked on to overcome
>> this?
>
> Sure. You can use IPFW to forward packets out via any interface you
> please, based on any of the matching criteria that IPFW's rulesets
> permit. You can also run BGP/EGP sessions, OSPF, or other advanced
> routing protocols via routing daemons like zebra/quagga/gated/whatever
> in the ports collection.
>
> [ Most people don't understand Internet routing very well, they don't
> understand subnetting or supernetting, they don't understand CIDR, and
> they encounter problems which arise because they don't know how to set
> up a network topology which is appropriate for the actual task they
> want to perform. ]
>
> For the current problem, if you've got two servers which offer
> services to the Internet, and have public IPs assigned to them,
> putting these boxes behind NAT is causing problems because the
> topology doesn't match what the machines are actually doing.

Well of course! However, the topology WAS ok before all the IPs got
reassigned to someone else.. (don't ask). I'm trying to simulate a
production environment with what I have on hand, which is a handful of
IP addresses. All while not stopping production or making changes that
will be a bigger pain when the new IPs arrive.

> Set up what E. Zwicky calls a "screened subnet architecture" by moving
> these boxes into a separate DMZ subnet, set up a local route for the
> rest of the clients on the firewall which indicates that these boxes
> can be reached via fxp0 rather than fxp1, so that traffic from the
> clients on the LAN stays local rather than going out through one T1
> and back in via the other.

Doesn't really solve the problem I'm having, but thanks for taking the
trouble to think about it.
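The screened-subnet layout from Chuck's reply, as an added example that is not part of the thread: a FreeBSD ipfw ruleset plus the local route for the DMZ block. The interface roles (fxp0 = DMZ, fxp1 = T1 uplink, fxp2 = LAN), the documentation-range addresses and the service ports are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: ipfw ruleset for a screened subnet.
# Interface roles and addresses are assumptions:
#   fxp0 = DMZ segment, fxp1 = T1 uplink, fxp2 = internal LAN.
DMZ_IF="fxp0"; EXT_IF="fxp1"; LAN_IF="fxp2"
DMZ_NET="203.0.113.0/28"    # constructed public block for the two servers
LAN_NET="192.168.1.0/24"    # constructed private LAN (its NAT is omitted)
DMZ_PORTS="80,443"          # services the servers expose (assumption)

# Emit the commands rather than run them, so the plan can be reviewed and
# checked before it touches a live firewall. ipfw sees a forwarded packet
# twice (in on one interface, out on another): state is created on the
# inbound pass and the outbound pass is accepted at check-state.
build_rules() {
    cat <<EOF
route add -net $DMZ_NET -iface $DMZ_IF
ipfw -f flush
ipfw add 100 check-state
ipfw add 200 deny ip from any to any not antispoof in
ipfw add 300 allow ip from $LAN_NET to $DMZ_NET in via $LAN_IF keep-state
ipfw add 400 allow tcp from any to $DMZ_NET $DMZ_PORTS in via $EXT_IF setup keep-state
ipfw add 500 deny ip from $DMZ_NET to $LAN_NET
ipfw add 600 allow ip from $DMZ_NET to any in via $DMZ_IF keep-state
ipfw add 700 allow ip from $LAN_NET to any in via $LAN_IF keep-state
ipfw add 65000 deny log ip from any to any
EOF
}

# Review check for the hairpin Chuck describes: LAN->DMZ must be reached
# over the DMZ interface, never sent out the T1 uplink and back in.
check_local_path() {
    build_rules | grep -q "^route add -net $DMZ_NET -iface $DMZ_IF" || return 1
    ! build_rules | grep -q "from $LAN_NET to $DMZ_NET.*via $EXT_IF"
}

case "${1:-}" in
    apply) build_rules | sh -e ;;   # as root on the firewall
    *)     build_rules ;;           # default: just show the plan
esac
```

Rule 500 blocks new connections from the DMZ into the LAN, so a compromised DMZ server cannot reach internal clients, while replies to LAN-initiated sessions still pass via the state created at rule 300.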