From: Tom Judge
Date: Mon, 18 Feb 2008 16:05:02 -0600
To: Nick Barnes
Cc: freebsd-net@freebsd.org, Bill Moran
Subject: Re: Multiple default routes on multihome host
Message-ID: <47BA010E.3060606@tomjudge.com>
In-Reply-To: <38548.1203371750@thrush.ravenbrook.com>
List-Id: Networking and TCP/IP with FreeBSD

Nick Barnes wrote:
> At 2008-02-18 21:36:18+0000, Bill Moran writes:
>
> I would rather send packets from the P2 subnet addresses to the P2
> router, while the packets from the P1 subnet addresses keep going to
> the P1 router.
>
> Apparently I can do this with some IPFW cunning, but that seems like
> overkill for what seems like it ought to be a common problem.

This is indeed a common problem; a question such as this gets asked
every month or so on at least one of the lists I am subscribed to. In
fact we do something along these lines at each of our offices to provide
fault-tolerant VPN connections to our data center and other offices.

However, FreeBSD's routing table does not currently support policy
routing without some help from the firewall. The only way to achieve
your goal is to use one of the firewalls (pf/ipfw/ipf) to do the policy
routing for you.

The suggestions that you have received already seem to be exactly what
you are looking for.

Tom J
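
The source-based routing discussed in this message, sketched with ipfw as an added example; it is not taken from the thread or from any poster's configuration. The subnets, gateways and rule numbers are constructed placeholders, and the script only prints the `ipfw add ... fwd` commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit ipfw "fwd" rules that send each locally sourced packet
# to the router of the subnet its source address belongs to (P1 or P2).
# Assumptions: ipfw is enabled with forwarding support (FreeBSD releases of
# this period need a kernel built with "options IPFIREWALL_FORWARD").
# All addresses are constructed, taken from the RFC 5737 documentation ranges.

# One "subnet gateway" pair per uplink (hypothetical values for P1 and P2).
UPLINKS="198.51.100.0/24 198.51.100.1
203.0.113.0/24 203.0.113.1"

policy_route_rules() {
    # $1: uplink list, one "subnet gateway" pair per line
    # $2: first rule number (default 1000), incremented by 10 per uplink
    rulenum=${2:-1000}
    # Comma-separated list of every local subnet. Traffic to these is
    # delivered directly on the wire and must not be handed to a router.
    local_nets=$(printf '%s\n' "$1" |
        awk 'NF == 2 { printf "%s%s", sep, $1; sep = "," }')
    printf '%s\n' "$1" | while read -r net gw; do
        # Skip blank or incomplete lines.
        [ -n "$net" ] && [ -n "$gw" ] || continue
        echo "ipfw add $rulenum fwd $gw ip from $net to not $local_nets out"
        rulenum=$((rulenum + 10))
    done
}

# Print the rules for review; nothing is applied to the running firewall.
policy_route_rules "$UPLINKS"
```

Because every uplink gets its own rule, the result does not depend on which router the kernel's single default route points at.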