From: Nikos Vassiliadis
Date: Mon, 01 Jun 2009 01:44:29 +0300
To: Tim Judd, FreeBSD Questions Mailing List
Subject: Re: dual gateways
Message-ID: <4A23084D.6030704@gmx.com>
References: <4A22FCE5.3030205@gmx.com>

Tim Judd wrote:
> On Sun, May 31, 2009 at 3:55 PM, Nikos Vassiliadis wrote:
>
> > Tim Judd wrote:
> >
> > > I know it is not typical, but here's my setup.
> > >
> > > I have a private IP scope (/24 block) split up. 2 /25's
> > >
> > > I have a box that has dual NICs. One is on the low /25 and one is on the
> > > high /25. The high /25 is only used for jails and his gateway is a
> > > soekris/alix board that will function. I can't find out how to get the high
> > > /25 to assign an additional gateway that's directed toward the soekris/alix
> > > SBC.
> > >
> > > Any tips or advice on how I can setup the high netblock to get it to route
> > > successfully to the SBC?
> >
> > Something like:
> >
> > [internet-IP router 10.0.0.1/25]
> >            |
> >            |
> > [10.0.0.129/25 FreeBSD 10.0.0.2/25]
> >            |
> >            |
> > [10.0.0.130/25 router internet-IP]
> >
> > Is this your setup?
> > OK, I am confused:) Could you please explain?
>
> internet
> router1 (192.168.0.1/25)
> (192.168.0.2/25) router2 (192.168.0.129/25)
> [192.168.0.5/25] Box with problems [192.168.0.130]
>
> All my jails on this box are on the top half, and I want the jails to go
> through the 192.168.0.129/25 gateway (which in
> turn goes through 0.1, but it's a matter of separating off hostile
> computers in my lab that I work on people's computers with.
>
> Does this help?

Yes, you want to use 192.168.0.2 as your default route and
192.168.0.129 as the default route for traffic originating
from the jails 192.168.0.130/25. You can use a firewall to
do such things; all three "FreeBSD" firewalls have this
capability. ipfw has the fwd action and pf has the route-to
option to change the next hop to whatever the administrator
desires. Check the manual of your favorite firewall.

There is another option, setfib. You could compile a kernel
with multiple routing tables support and start the jails in
the second routing table which would have 192.168.0.129 as
the default router.

HTH, Nikos
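
The pf route-to option mentioned in the reply, as an added example that is not part of the original message: a pf.conf fragment that hands jail-sourced traffic to 192.168.0.129 instead of the host's default route. The interface names em0 and em1 and the macro names are assumptions; the addresses are the ones given in the thread, and the jails are assumed to share the host's network stack.

```pf
# /etc/pf.conf fragment (added example, not from the thread).
# Interface names are assumptions; adjust to the real NICs.
lan_if   = "em0"                # NIC holding 192.168.0.5/25 (low half)
jail_if  = "em1"                # NIC holding 192.168.0.130/25 (high half)
jail_net = "192.168.0.128/25"   # addresses used by the jails
jail_gw  = "192.168.0.129"      # router2, next hop for jail traffic

# The host routing table sends every non-local packet out $lan_if via
# 192.168.0.2, including packets whose source is a jail address.
# Match those on the way out and change the next hop to router2 on
# $jail_if. This also keeps jail traffic bound for the low /25 from
# leaving directly on $lan_if; it has to pass through router2 first.
pass out on $lan_if route-to ($jail_if $jail_gw) \
    from $jail_net to ! $jail_net keep state

# After route-to the packet is filtered again on $jail_if, so allow
# jail-sourced traffic to leave there.
pass out on $jail_if from $jail_net to any keep state
```

To confirm the effect, watch both NICs with tcpdump while a jail sends traffic: packets with a source in 192.168.0.128/25 should appear on the jail-side interface only.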