From owner-freebsd-net@FreeBSD.ORG Thu Jan 21 16:29:30 2010
Date: Thu, 21 Jan 2010 08:29:28 -0800
From: Freddie Cash <fjwcash@gmail.com>
To: freebsd-net@freebsd.org
Subject: setfib, ipfw, dual-NICs, separate subnets
List-Id: Networking and TCP/IP with FreeBSD

Good morning networking gurus, :)

Just looking for clarification that I'm using setfib and ipfw "correctly" in this situation.

I have a server at home with two NICs, connected to two separate routers, with two separate Internet connections. Each NIC is part of a different subnet. Each NIC is configured via DHCP from the respective router.

sk0 is 172.20.0.0/24
xl0 is 10.172.20.0/24

sk0 is in fib 0
xl0 is in fib 1

I want to use sk0 for all "normal" Internet traffic (SMTP, HTTP, DNS, FTP, etc). And use xl0 for all "bulk" Internet traffic (mainly torrents, but also long HTTP/FTP downloads). This link will get throttled by Shaw Cable due to the torrent traffic, which is the main driver for using split Internet connections and setfib. :)

Right now, I'm using /etc/rc.local to configure things:

# Remove all routes for xl0 (second NIC) from the primary routing table
setfib 0 route delete 10.172.20.0/24
setfib 0 route delete 10.172.20.2
setfib 0 route delete 10.172.20.1
setfib 0 route delete default

# Remove all routes for sk0 (primary NIC) from the secondary routing table
setfib 1 route delete 172.20.0.0/24
setfib 1 route delete 172.20.0.10
setfib 1 route delete 172.20.0.2
setfib 1 route delete default

# Set the correct default routes in each table
setfib 0 route add default 172.20.0.10
setfib 1 route add default 10.172.20.1

# IPFW rules to set the correct FIB on incoming packets
ipfw add allow ip from any to any via lo0
ipfw add setfib 1 ip from any to any via xl0
ipfw add setfib 0 ip from any to any via sk0
ipfw add allow ip from any to any

Then, I start applications using wrapper scripts that "setfib 1" the apps that I want to use the secondary Internet link.

I've run some tcpdumps on each interface, and it looks like the traffic is being separated correctly.

Eventually, I'll be adding more IPFW rules to block unwanted traffic.

Am I missing anything? Are the "route delete" statements needed? Is there a better way to configure this than using /etc/rc.local?

--
Freddie Cash
fjwcash@gmail.com
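A check that the "route delete" lines above actually left each FIB with only its own interface's routes, as an added example that is not part of Freddie's post: it parses the output of `setfib N netstat -rn` and reports routes that still point at the other NIC or a default route via the wrong gateway. The two netstat tables, FIB_PLAN and check_fib are constructed assumptions, not captured from a real host.

```python
import re

# Constructed sample output of `setfib 0 netstat -rn` and `setfib 1 netstat -rn`
# (FreeBSD 8 column layout, not captured from a real host).
FIB0_NETSTAT = """\
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.20.0.10        UGS         0     1234    sk0
10.172.20.0/24     link#2             UC          0        0    xl0
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.20.0.0/24      link#1             UC          0        0    sk0
"""
FIB1_NETSTAT = """\
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.172.20.1        UGS         0      567    xl0
10.172.20.0/24     link#2             UC          0        0    xl0
127.0.0.1          127.0.0.1          UH          0        0    lo0
"""
# Which interface and default gateway each FIB is supposed to own (assumed plan).
FIB_PLAN = {0: ("sk0", "172.20.0.10"), 1: ("xl0", "10.172.20.1")}
ROUTE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+\d+\s+\d+\s+(\S+)")

def parse_routes(netstat_output):
    """Return (destination, gateway, flags, netif) tuples from the IPv4 section."""
    routes = []
    for line in netstat_output.splitlines():
        if line.startswith("Internet6:"):   # stop before the IPv6 table
            break
        m = ROUTE_RE.match(line)
        if m:   # header lines never match: Refs/Use columns must be digits
            routes.append(m.groups())
    return routes

def check_fib(fib, netstat_output, plan=FIB_PLAN):
    """List the ways one FIB's table deviates from the plan (empty list = OK)."""
    own_iface, own_gw = plan[fib]
    foreign = {iface for f, (iface, _) in plan.items() if f != fib}
    problems, has_default = [], False
    for dest, gw, _flags, netif in parse_routes(netstat_output):
        if netif in foreign:   # a route for the other NIC survived the deletes
            problems.append(f"fib {fib}: route {dest} still goes via {netif}")
        if dest == "default":
            has_default = True
            if gw != own_gw:
                problems.append(f"fib {fib}: default via {gw}, expected {own_gw}")
    if not has_default:
        problems.append(f"fib {fib}: no default route")
    return problems
```

On a live box, feed `check_fib(n, subprocess.check_output(["setfib", str(n), "netstat", "-rn"], text=True))` for each FIB instead of the embedded samples.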