Date: Fri, 17 Dec 2010 08:11:29 +0100
From: Milan Obuch <freebsd-net@dino.sk>
To: freebsd-net@freebsd.org
Cc: Jayster <jayster@comcast.net>
Subject: Re: Web Server supporting up to 4 WANs/Interfaces
Message-ID: <201012170811.30957.freebsd-net@dino.sk>
In-Reply-To: <17835728.248313.1292567569116.JavaMail.root@sz0077a.emeryville.ca.mail.comcast.net>
References: <17835728.248313.1292567569116.JavaMail.root@sz0077a.emeryville.ca.mail.comcast.net>
On Friday 17 December 2010 07:32:49 Jayster wrote:

[ fine comments on our OS trimmed ]

> Now the issue. Without too much detail, my device has 4 GigE ports on it.
> Each will be attached to a routed network. There is NO routing required
> between networks inside the box (not a router or firewall) and in fact, it
> CANNOT be allowed to happen because of security. Instead, each WAN port
> needs access to this box, but nothing beyond. The access consists of a Web
> Server, though several other Ports are required, such as SNMP Traps,
> Syslog, etc. Getting to the box is easy, routers do all the work. The
> issue is getting traffic back through the same interface it came in on and
> through the same router gateway. As we all know, only 1 gateway can be
> assigned in FreeBSD, unlike other flavors of Linux. Even the ones who
> don't offer single line gateway support can use IPTables to accomplish
> this task. But IPTables is not supported in FreeBSD. Not a bad thing as
> long as comparable solutions exist.
>

From this short description it looks like you are using standard internet
apps. The question is whether you need one instance of the web server to serve
requests from all four ports (or, in better words IMHO, four networks, if they
should not communicate here on the box) or whether you could use four separate
instances. For the former you can use PF (I tested something similar with two
networks in the past), while for the latter either multiple fibs or a vimage
solution is available.

[ snip ]

> I have tried both PF and IPFW. Different posts around the web claim
> Multiple Gateway solutions using both of them. I have tried each of the
> recommended setups, but had no luck. If you read the last responses to
> each of those posts, others also state they could not duplicate what is
> claimed, as well. PF looks the most promising. It has "if-bound", which is
> supposed to keep interface traffic on the same interface. That is a good
> first step. But pointing it to the gateway on that interface is still an
> issue. Please HELP!!! I haven't slept in days and I've been stuck for a
> week now!!! This is our last showstopper.
>

There are some guides on the net, but you should be able to find the basics in
'man pf.conf' - look for route-to and reply-to. I am not going to give you
more details now, sorry - writing just what I remember now could be misleading,
I have probably forgotten some details, but the manual page has all the basic
info necessary. This way you could do some 'source routing policy', which could
be a solution to your problem.

Hope this helps a bit, at least.

Regards,
Milan
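
A pf.conf sketch of the reply-to approach the message points to, for the single-web-server case; this is an added example, not part of the original message and not a configuration posted by anyone in the thread. Interface names, gateway addresses and the port list are assumptions, and it covers only connections initiated from the networks toward the box, not traffic the box originates itself (SNMP traps, syslog).

```conf
# /etc/pf.conf -- constructed example; all names and addresses below are
# placeholders, not values from the thread.
wan1_if = "em0"
wan1_gw = "192.0.2.1"
wan2_if = "em1"
wan2_gw = "198.51.100.1"
wan3_if = "em2"
wan3_gw = "203.0.113.1"
wan4_if = "em3"
wan4_gw = "10.0.4.1"

tcp_services = "{ 80, 443 }"

# Bind every state entry to the interface it was created on, so a state
# opened on one network never matches packets seen on another.
set state-policy if-bound
set skip on lo0

# Default deny. No rule below passes traffic between two WAN interfaces;
# in addition, leave net.inet.ip.forwarding at 0 so the kernel does not
# forward between the networks at all.
block all

# One rule per network: accept connections addressed to the box's own
# address on that interface, and send the replies of each such state back
# out through the same interface and its gateway (reply-to), regardless
# of where the system default route points.
pass in on $wan1_if reply-to ($wan1_if $wan1_gw) inet proto tcp \
    from any to ($wan1_if) port $tcp_services keep state
pass in on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto tcp \
    from any to ($wan2_if) port $tcp_services keep state
pass in on $wan3_if reply-to ($wan3_if $wan3_gw) inet proto tcp \
    from any to ($wan3_if) port $tcp_services keep state
pass in on $wan4_if reply-to ($wan4_if $wan4_gw) inet proto tcp \
    from any to ($wan4_if) port $tcp_services keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and confirm with `pfctl -ss` that each state is bound to the interface it arrived on.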