Date: Wed, 20 May 2015 08:36:39 +0100 From: krad <kraduk@gmail.com> To: Adrian Chadd <adrian@freebsd.org> Cc: Patrick Gibson <gibblertron@gmail.com>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: Asymmetric routing with FreeBSD on Amazon EC2 within VPC Message-ID: <CALfReyeR8ThejW1xzJQq0bSnbmYeEBuPSZSGgyBa6AcniWT9gw@mail.gmail.com> In-Reply-To: <CALfReyfiKH1tVG-3FY%2B83i3p2f87mMkkuW_TumgohXgRSFiD-A@mail.gmail.com> References: <CA%2BdWbmasJas%2ByA40unSYooWdkn10pS=jhsQC2VkwXW1GmiBMRQ@mail.gmail.com> <CAJ-VmonuKYT6kSgOoV5amavqBfGLyjb5aL5yAcm7k7suRxiemw@mail.gmail.com> <CALfReyfiKH1tVG-3FY%2B83i3p2f87mMkkuW_TumgohXgRSFiD-A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
oh and dont run pf if you are going to try vnet jails as the two dont play at present On 20 May 2015 at 08:35, krad <kraduk@gmail.com> wrote: > you best bet is to probably run 2 vnet jails one for each ip. Annoying to > have to have the extra maintenance and resource overhead I know, but its > not a bad thing security wise > > On 20 May 2015 at 04:56, Adrian Chadd <adrian@freebsd.org> wrote: > >> Hi, >> >> So the "freebsd clean" solution would be to create two listen sockets, >> one per IP address, and and have each IP address / routing table in a >> separate FIB, or separate vnet. >> >> I don't know if anyone has set that up though. It would be nice to >> teach some web servers and proxy serversabout FreeBSD FIBs. >> >> >> >> -adrian >> >> >> On 19 May 2015 at 12:22, Patrick Gibson <gibblertron@gmail.com> wrote: >> > I'm wondering if anyone has managed to figure out a way to have an >> > Amazon EC2 instance behind a VPC work with multiple public IP >> > addresses? The issue is with asymmetric routing. It's been resolved in >> > the Linux world >> > (http://blog.bluemalkin.net/multiple-ips-and-enis-on-ec2-in-a-vpc/), >> > but I can't seem to get it working under FreeBSD. Using the setfib >> > command, I'm able to manually go out through either interface, but for >> > incoming packets to a webserver that listens to both interfaces, no >> > dice. :( >> > >> > Patrick >> > _______________________________________________ >> > freebsd-questions@freebsd.org mailing list >> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> > To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALfReyeR8ThejW1xzJQq0bSnbmYeEBuPSZSGgyBa6AcniWT9gw>