From owner-freebsd-net@FreeBSD.ORG Sun Oct 17 18:27:39 2010
From: Brandon Gooch
To: "Li, Qing"
Cc: zeus.panchenko@gmail.com, freebsd-net@freebsd.org
Date: Sun, 17 Oct 2010 12:23:19 -0500
Subject: Re: RADIX_MPATH usage information
References: <201008262259.QAA25138@lariat.net> <20100827062454.GB7160@relay.ibs.dn.ua>
List-Id: Networking and TCP/IP with FreeBSD
On Fri, Aug 27, 2010 at 10:47 AM, Li, Qing wrote:
> There are a couple of items I need to take care of
> in this area, including the documentation, so I will get
> it done this weekend.
>
> --Qing
>
>
>> -----Original Message-----
>> From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-
>> net@freebsd.org] On Behalf Of Zeus V Panchenko
>> Sent: Thursday, August 26, 2010 11:25 PM
>> To: freebsd-net@freebsd.org
>> Subject: Re: RADIX_MPATH usage information
>>
>> +1
>>
>> --
>> Zeus V. Panchenko
>> IT Dpt., IBS ltd                                        GMT+2 (EET)

Qing,

I've been looking for the documentation regarding this new feature, as I
have the requirement of needing an ipfw(8) (or other firewall) setup.
Unfortunately, I could find nothing, aside from the source code (which
I'm attempting to read ATM).

I have a computer with one em(4) interface with multiple VLANs running
on top. I let the em0 interface configuration happen via DHCP, and I set
the VLAN interfaces manually.

I run 3 instances of sshd(8) on each separate VLAN interface, but I run
into the issue of having the connection to each VLAN's sshd(8) instance
attempt the return connection to the client via the default gateway of
em0.

So I've simply created an rc(8) script to handle manually configuring
the routing table for each fib, something like a "my_networks.sh":

    #!/bin/sh
    #
    # PROVIDE: my_networks
    # REQUIRE: dhclient netif routing cleanvar
    #

    . /etc/rc.subr

    name="my_networks"
    rcvar=${name}_enable

    start_cmd="my_networks_start"
    stop_cmd="my_networks_stop"

    my_networks_start()
    {
        # FIB 1: default route via vlan10, then drop the other VLANs'
        # connected routes from FIB 1 (the fib number on each delete
        # must match the table being edited)
        setfib 1 route add default 192.168.1.1 -ifp vlan10
        setfib 1 route delete 192.168.2.0/24
        setfib 1 route delete 192.168.3.0/24

        # FIB 2: default route via vlan20
        setfib 2 route add default 192.168.2.1 -ifp vlan20
        setfib 2 route delete 192.168.1.0/24
        setfib 2 route delete 192.168.3.0/24

        # FIB 3: default route via vlan30
        setfib 3 route add default 192.168.3.1 -ifp vlan30
        setfib 3 route delete 192.168.1.0/24
        setfib 3 route delete 192.168.2.0/24

        # one sshd per FIB, each with its own ListenAddress config
        setfib 1 /usr/sbin/sshd -f /usr/local/etc/sshd_config_fib_1
        setfib 2 /usr/sbin/sshd -f /usr/local/etc/sshd_config_fib_2
        setfib 3 /usr/sbin/sshd -f /usr/local/etc/sshd_config_fib_3
    }

    my_networks_stop()
    {
        setfib 1 route flush
        setfib 2 route flush
        setfib 3 route flush
        killall sshd
    }

    load_rc_config $name
    : ${my_networks_enable="NO"}
    run_rc_command "$1"

...and it seems to work. I'm not sure how technically sound this method
is, but I haven't found or read anything to confirm, condone or condemn
the methodology.

If I were to use the RADIX_MPATH option in the kernel, would this
eliminate the need to delete routes from the "foreign" VLAN interfaces'
routing table (to prevent return connection packets heading out the
default gateway of em0, configured via DHCP)?

Thanks!

-Brandon
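The script in the message above hand-writes every setfib line, and the fib number on each delete is easy to get wrong when the list is copied per VLAN. The following is an added example, not code from Brandon's message or from FreeBSD's own rc scripts: it generates the per-FIB route(8) commands from one table, refuses a gateway that does not sit inside its VLAN's network, and checks a FIB's resulting default route against netstat -rn -F output. The table, the vlan10/vlan20/vlan30 names, the /24 networks and the sample netstat text are all constructed for illustration, and the netstat column layout (Destination, Gateway, Flags, Netif) is assumed from FreeBSD's netstat(1).

```shell
#!/bin/sh
# Added example: build and check per-FIB route commands from one table.
# Not code from the message above or from FreeBSD; the table, interface
# names and /24 networks are constructed (hypothetical) values.

# Constructed table, one token per FIB: fib:interface:network:gateway
FIB_TABLE="1:vlan10:192.168.1.0/24:192.168.1.1 2:vlan20:192.168.2.0/24:192.168.2.1 3:vlan30:192.168.3.0/24:192.168.3.1"

# split_entry TOKEN: set fib, ifp, net and gw from one table token
split_entry() {
    fib=${1%%:*}; rest=${1#*:}
    ifp=${rest%%:*}; rest=${rest#*:}
    net=${rest%%:*}; gw=${rest#*:}
}

# gateway_in_net NETWORK/24 GATEWAY: succeed when the gateway's first three
# octets match the network's (valid only for /24s, by assumption above)
gateway_in_net() {
    [ "${1%.*}" = "${2%.*}" ]
}

# fib_commands FIB: print the commands that give FIB its own default route
# via its VLAN and remove the other VLANs' connected routes from it, so a
# reply from the sshd bound to that VLAN cannot leave through em0's gateway
fib_commands() {
    want=$1
    for e in $FIB_TABLE; do
        split_entry "$e"
        [ "$fib" = "$want" ] || continue
        if ! gateway_in_net "$net" "$gw"; then
            echo "fib $fib: gateway $gw is not inside $net" >&2
            return 1
        fi
        echo "setfib $fib route add default $gw -ifp $ifp"
        for o in $FIB_TABLE; do
            split_entry "$o"
            [ "$fib" = "$want" ] && continue
            echo "setfib $want route delete $net"
        done
        return 0
    done
    echo "fib $want: not in table" >&2
    return 1
}

# all_commands: the commands for every FIB in the table, in table order
all_commands() {
    for e in $FIB_TABLE; do
        split_entry "$e"
        fib_commands "$fib" || return 1
    done
}

# Constructed sample of 'netstat -rn -F 1' output (FreeBSD column layout
# assumed), used to verify what a FIB ended up with after the commands ran
SAMPLE_FIB1_ROUTES="Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS      vlan10
127.0.0.1          link#4             UH          lo0
192.168.1.0/24     link#5             U        vlan10"

# default_gateway_of ROUTING_TABLE_TEXT: print the gateway of the default route
default_gateway_of() {
    printf '%s\n' "$1" | while read -r dest gw rest; do
        if [ "$dest" = "default" ]; then
            echo "$gw"
            break
        fi
    done
}

# verify_fib FIB ROUTING_TABLE_TEXT: succeed when FIB's default gateway is
# the one the table expects for that FIB
verify_fib() {
    for e in $FIB_TABLE; do
        split_entry "$e"
        [ "$fib" = "$1" ] || continue
        if [ "$(default_gateway_of "$2")" = "$gw" ]; then return 0; fi
        return 1
    done
    return 1
}

# Dry run: print the commands so they can be reviewed before being executed
all_commands
```

Running the file prints the nine route commands without executing anything; once reviewed they can be fed to sh, and verify_fib can be pointed at the real `netstat -rn -F <fib>` output to confirm each FIB's default route points at its own VLAN gateway rather than em0's DHCP-supplied one.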