Date: Thu, 21 Jan 2010 08:29:28 -0800
From: Freddie Cash <fjwcash@gmail.com>
To: freebsd-net@freebsd.org
Subject: setfib, ipfw, dual-NICs, separate subnets
Message-ID: <b269bc571001210829i5c7a8779l371d800cf2dbd586@mail.gmail.com>

Good morning networking gurus, :)

Just looking for clarification that I'm using setfib and ipfw "correctly" in this situation.

I have a server at home with two NICs, connected to two separate routers, with two separate Internet connections. Each NIC is part of a different subnet. Each NIC is configured via DHCP from the respective router.

sk0 is 172.20.0.0/24
xl0 is 10.172.20.0/24

sk0 is in fib 0
xl0 is in fib 1

I want to use sk0 for all "normal" Internet traffic (SMTP, HTTP, DNS, FTP, etc). And use xl0 for all "bulk" Internet traffic (mainly torrents, but also long HTTP/FTP downloads). This link will get throttled by Shaw Cable due to the torrent traffic, which is the main driver for using split Internet connections and setfib. :)

Right now, I'm using /etc/rc.local to configure things:

# Remove all routes for xl0 (second NIC) from the primary routing table
setfib 0 route delete 10.172.20.0/24
setfib 0 route delete 10.172.20.0.2
setfib 0 route delete 10.172.20.0.1
setfib 0 route delete default

# Remove all routes for sk0 (primary NIC) from the secondary routing table
setfib 1 route delete 172.20.0.0/24
setfib 1 route delete 172.20.0.10
setfib 1 route delete 172.20.0.2
setfib 1 route delete default

# Set the correct default routes in each table
setfib 0 route add default 172.20.0.10
setfib 1 route add default 10.172.20.1

# IPFW rules to set the correct FIB on incoming packets
ipfw add allow ip from any to any via lo0
ipfw add setfib 1 ip from any to any via xl0
ipfw add setfib 0 ip from any to any via sk0
ipfw add allow ip from any to any

Then, I start applications using wrapper scripts that "setfib 1" the apps that I want to use the secondary Internet link.

I've run some tcpdumps on each interface, and it looks like the traffic is being separated correctly. Eventually, I'll be adding more IPFW rules to block unwanted traffic.

Am I missing anything? Are the "route delete" statements needed? Is there a better way to configure this than using /etc/rc.local?

-- 
Freddie Cash
fjwcash@gmail.com
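
An added example, not part of the original message: a shell check that a FIB's routing table holds no routes leaving through the other NIC, which is the property the "route delete" lines above are meant to establish. It assumes `netstat -rn` output with a header row containing a "Netif" column; the function name and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one FIB's routing table for routes via the wrong NIC.
# Assumption: input is `setfib N netstat -rn -f inet` output whose header row
# has a "Netif" column. The sample tables below are constructed, not captured.

# fib_foreign_routes ALLOWED_IF
# Reads a routing table on stdin and prints "destination netif" for every
# route whose interface is neither ALLOWED_IF nor lo0. Exits 1 if any exist.
fib_foreign_routes() {
    awk -v ok="$1" '
        # Find the Netif column from the header; layouts differ by release.
        $1 == "Destination" {
            col = 0
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        # Ignore banner lines, blank lines and anything before the header.
        col == 0 || NF < col { next }
        $col != ok && $col != "lo0" { print $1, $col; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: FIB 1 before the sk0 routes have been deleted.
sample_fib1_dirty() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Netif Expire
default            172.20.0.10        UGS        sk0
10.172.20.0/24     link#2             U          xl0
127.0.0.1          link#3             UH         lo0
172.20.0.0/24      link#1             U          sk0
EOF
}

# Constructed sample: FIB 1 after cleanup, default route via xl0 only.
sample_fib1_clean() {
    cat <<'EOF'
Destination        Gateway            Flags    Netif Expire
default            10.172.20.1        UGS        xl0
10.172.20.0/24     link#2             U          xl0
127.0.0.1          link#3             UH         lo0
EOF
}

# On the server: setfib 1 netstat -rn -f inet | fib_foreign_routes xl0
sample_fib1_dirty | fib_foreign_routes xl0 || echo "FIB 1 still routes via another NIC"
```

Run once per FIB at the end of the startup script, the check catches DHCP-installed routes that reappear in the wrong table after a lease renewal.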