From: "Michael K. Smith" <mksmith@adhost.com>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Date: Mon, 22 Dec 2008 09:14:51 -0800
Subject: Re: How can I link two separate internal networks to two separate external networks
In-Reply-To: <200812222306.45986.geoff@apro.com.au>

Hello Geoff:

On 12/22/08 4:06 AM, "Geoff Roberts" wrote:

> Hi,
>
> I have a FreeBSD 7.0 box with pf.
>
> I have two internal networks (intnet0 and intnet1) and two external networks
> (extnet0 and extnet1).
>
> extnet0 and extnet1 are two different gateways to the internet.
>
> I only have one physical internal (int0) and one physical external (ext0)
> interface.
>
> Traffic from intnet0 needs to go out on extnet0.
>
> Traffic from intnet1 needs to go out on extnet1 (consider this a default route
> for any traffic not going out on extnet0).
>
> What are some suggested ways of doing this?
>
> Assume addresses are (these are made up, but hopefully help paint the
> picture):
>
> intnet0 - 192.168.50.0/24
> extnet0 - 10.10.10.8/30
>   - extnet0 address 10.10.10.8.10
>   - default route 10.10.10.9
>   - broadcast 10.10.10.11
>
> intnet1 - 192.168.60.0/24
> extnet1 - 10.10.10.12/30
>   - extnet1 address 10.10.10.14
>   - default route 10.10.10.13
>   - broadcast 10.10.10.15
>
> So far I have created vlans via a switch on each interface to "multiplex" the
> connections:
>
> vlan10 - 192.168.50.0/24 and vlan20 - 192.168.60.0/24 come in on a single
> cable to int0.
>
> vlan50 - 10.10.10.8/30 and vlan60 - 10.10.10.12/30 come in on a single cable
> to ext0.
>
> However, since I have the default route set for 10.10.10.13, all traffic from
> intnet0 is going out on vlan60 whereas I want it to go out on vlan50.
>
> Am I going about this the wrong way?

I think this will work. Let's assume:

    $vlan10_if -> macro for your tagged VLAN 10 interface
    $vlan20_if -> macro for your tagged VLAN 20 interface
    $vlan50_if -> macro for your tagged VLAN 50 interface
    $vlan60_if -> macro for your tagged VLAN 60 interface
    $vlan50_gw = 10.10.10.9
    $vlan60_gw = 10.10.10.13

    pass in on $vlan10_if route-to ($vlan50_if $vlan50_gw) from any to any
    pass in on $vlan20_if route-to ($vlan60_if $vlan60_gw) from any to any

That would be in conjunction with your NAT's and any RDR's as well.

Regards,

Mike
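The following pf.conf is an added example that is neither Geoff's nor Mike's configuration; it assembles Mike's route-to rules, the per-link NAT he alludes to, and Geoff's made-up addresses into one complete file. The interface names vlan10/vlan20/vlan50/vlan60 are assumed from Geoff's VLAN numbering, and the "published_svc" macro is a placeholder for whatever service an RDR would expose. It goes beyond the reply in two ways: the route-to rules are restricted so that traffic between the two internal networks is not pushed out to an internet gateway (Mike's "from any to any" form would do that), and a reply-to rule shows how connections arriving on the non-default link (vlan50) are answered on that same link instead of leaking out via the kernel default route on vlan60.

```pf
# Added example pf.conf (not from the original thread).
# Interface names are assumed; addresses are Geoff's made-up values.

vlan10_if = "vlan10"     # intnet0: 192.168.50.0/24, tagged on int0
vlan20_if = "vlan20"     # intnet1: 192.168.60.0/24, tagged on int0
vlan50_if = "vlan50"     # extnet0: 10.10.10.8/30,  tagged on ext0
vlan60_if = "vlan60"     # extnet1: 10.10.10.12/30, tagged on ext0 (kernel default route)

intnet0   = "192.168.50.0/24"
intnet1   = "192.168.60.0/24"
vlan50_gw = "10.10.10.9"
vlan60_gw = "10.10.10.13"

# Placeholder: the service you publish with an rdr on the vlan50 address.
published_svc = "ssh"

table <internal> const { 192.168.50.0/24, 192.168.60.0/24 }

set skip on lo0
scrub in all

# Each internal network is NATed behind the external address of its own link,
# so the source address matches the gateway the packet is routed to.
nat on $vlan50_if from $intnet0 to any -> ($vlan50_if)
nat on $vlan60_if from $intnet1 to any -> ($vlan60_if)

block in log all
pass out keep state

# Policy routing: traffic from intnet0 leaves via vlan50, traffic from intnet1
# via vlan60. "to ! <internal>" keeps internal-to-internal traffic on the box's
# own routing table instead of handing it to an internet gateway.
pass in on $vlan10_if route-to ($vlan50_if $vlan50_gw) \
    from $intnet0 to ! <internal> keep state
pass in on $vlan20_if route-to ($vlan60_if $vlan60_gw) \
    from $intnet1 to ! <internal> keep state

# Plain forwarding between the two internal networks.
pass in on { $vlan10_if, $vlan20_if } from <internal> to <internal> keep state

# Inbound connections that arrive on vlan50 must be answered on vlan50.
# Without reply-to, replies would follow the kernel default route out vlan60
# with a source address that does not belong to that link.
pass in on $vlan50_if reply-to ($vlan50_if $vlan50_gw) \
    proto tcp from any to ($vlan50_if) port $published_svc keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it. The kernel default route stays on 10.10.10.13; route-to overrides it only for packets that match the tagged rules, and state entries carry the chosen route so return packets follow the same path.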