Date: Tue, 13 Jan 2009 09:30:39 -0800
From: Julian Elischer <julian@elischer.org>
To: Dimitar Vasilev <dimitar.vassilev@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: setfib+pf
Message-ID: <496CCFBF.3010008@elischer.org>
In-Reply-To: <59adc1a0901122114v15efa47ahba8beef6ace4ddb0@mail.gmail.com>
References: <59adc1a0901122114v15efa47ahba8beef6ace4ddb0@mail.gmail.com>

Dimitar Vasilev wrote:
> Hi, I originally posted my message to questions, however no response for
> about a week. Therefore I'm reposting here. Original question available at
> http://lists.freebsd.org/pipermail/freebsd-questions/2009-January/190056.html
> For those who prefer reading human text, here are my questions:
>
> I'd like to ask on the best options for using setfib and pf in a non-BGP
> environment. I will run 2 uplinks, with VLANs for internal networks and want
> to fail over external links if one of them fails. (Extended note as of 13.01:
> Uplink routers will be a WRT54GL with OpenWRT and an Alix box hopefully.
> VLAN tagging also possible there. Alix will be the controlling router
> station for failover).
>
> Currently pf supports to the best of my knowledge:
>
> a) rtable - this means I can create the routing tables with setfib and then
> use pass from .... rtable N( N >1 <16) or give out directly network ranges

( 0 <= N < 16 ) i.e. 0 through 15 (for now)

> b) route-to - pass in/out on X from ... route-to
> c) packet tagging - I can tag networks and use standalone or through routing
> tags. Anyone aware if it is ok to use /etc/gateways without running routed
> or how can I label routes alternatively? If I apply the same for
> /etc/networks or both /etc/gateways and networks will it be ok?
>
> pass in from any to $big_salad via $fridge keep state for example?
>
> d) pass in from route N(192.168.1.1 for example) to... - saw this on
> http://www.mail-archive.com/pf@benzedrine.cx/msg07220.html and requires BGP
> to make tags speak anything but network numbers.
> e) use the VLAN IDs
>
> I'd much appreciate if someone thinks with me for the best options of using
> the setfib features along with pf.

I know setfib but I don't know pf unfortunately..
I use ipfw (which is why ipfw has fib support :-)

possibly Max Lair may know both..

>
> Thanks and regards,
> Dimitar Vassilev
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"