From owner-freebsd-pf@FreeBSD.ORG Fri Jun 19 04:50:43 2015
Message-ID: <55839619.8000603@mantis.biz>
Date: Fri, 19 Jun 2015 00:10:01 -0400
From: "Chuck @ Mantis"
To: freebsd-pf@freebsd.org
Subject: adding an additional block & gateway
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

I'm currently using FreeBSD and PF as a gateway and firewall in front of a handful of web servers.

External:
defaultrouter="79.112.227.33"
ifconfig_bge0="inet 79.112.227.34 netmask 255.255.255.224"

I've asked the datacenter for an additional block and received:

Gateway : 60.34.75.209
IP block : 60.34.75.208/28
Subnet : 255.255.255.240

Since the gateways are different, I'm assuming I need to use PF or BSD to somehow direct (route?) traffic which came via the new block out through the new gateway?

Do I need an additional NIC or would aliases work? Where should the routing rules happen (FreeBSD routes or in pf somehow)?

Thank you for any advice (1st post here)