From owner-freebsd-net@FreeBSD.ORG Thu Jan 15 11:37:42 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DEEF2106564A for ; Thu, 15 Jan 2009 11:37:42 +0000 (UTC) (envelope-from dimitar.vassilev@gmail.com) Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.30]) by mx1.freebsd.org (Postfix) with ESMTP id 979C08FC0A for ; Thu, 15 Jan 2009 11:37:42 +0000 (UTC) (envelope-from dimitar.vassilev@gmail.com) Received: by yw-out-2324.google.com with SMTP id 9so407336ywe.13 for ; Thu, 15 Jan 2009 03:37:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type:references; bh=cBfSbrexU/1BpMEFmUmJfCwQVfcRPlydk3npp3To7M0=; b=qCcgz2PYiVklVnW/XHOePnhMJ/Twz8oT2U6eMtKdRBqqysdOluax+ZOA2kYQnWukwt fIGSLWgt4k6/5qbAUilOaQmIgEml6XB9Iys10ewD+XaZK3R7fXRXalbv95T4gDwVg6oW ry0ydt8buaalXWnH7P0geW55Qm3+FxG5FU9yA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=eWPRRbXHkJwdeQZUB2Es4iR84VRoHuPRxFppp2f3XD/DomlL3R/LwS9Gdd32qI3fsd FP5mPPOXTq8UsVWEWlNomq0LZB+MLR3SZG3K1xO0YTXcHe4ilrnVcYOyRLkgcLdIqG5l El0Lssgh232N1Wsx4BrGDIJkEHTu8a/6f1Dn8= Received: by 10.151.14.5 with SMTP id r5mr391164ybi.206.1232019461930; Thu, 15 Jan 2009 03:37:41 -0800 (PST) Received: by 10.151.133.7 with HTTP; Thu, 15 Jan 2009 03:37:41 -0800 (PST) Message-ID: <59adc1a0901150337n5fa35de0vd079f8e764d13b31@mail.gmail.com> Date: Thu, 15 Jan 2009 13:37:41 +0200 From: "Dimitar Vasilev" To: "Julian Elischer" In-Reply-To: <496ECB47.4060005@elischer.org> MIME-Version: 1.0 References: <59adc1a0901122114v15efa47ahba8beef6ace4ddb0@mail.gmail.com> <496CCFBF.3010008@elischer.org> <59adc1a0901142032u5c6bb08y5c8768aa43d1d56a@mail.gmail.com> <496ECB47.4060005@elischer.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org Subject: Re: setfib+pf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Jan 2009 11:37:43 -0000 2009/1/15 Julian Elischer > Dimitar Vasilev wrote: > >> >> >> I'd much appreciate if someone thinks with me for the best >> options of using >> the setfib features along with pf. >> >> >> I know setfib but I don't know pf unfortunately.. I use ipfw >> (which is why ipfw has fib support :-) >> >> >> possibly Max Lair may know both.. >> >> Hi Julian, >> Could you sched some light on the ipfw and setfib as an example. Seems the >> person you're referring to is busy. The rest I will figure out on my own. If >> there are results - I will share back. >> Thanks, >> Dimitar >> > > > well, you need to tell me a little more about what you want to do. Thanks - here is the schema: Lan1(browsing clients) | -------------- ---------------- | WRT |-------------| ALIX |-----------Lan2 (DMZ stuff, splitted into various networks, vlans,etc) -------------- --------------- | | ----------- ---------------- | Uplink| | Uplink | ------------ ---------------- I will have two uplinks and would like to failover uplink of clients from lan 1 and lan 2 depending on which link is up, keeping Lan2 accessible via the both uplinks, using something like tunnel1.foobar and tunnel2.foobar, as well as keeping LAN2 isolated from the clients via vlan and firewall rules allowing ssh mostly. As will have various private networks,tunnels,etc and no BGP, I would like to take advantage of setfib. Thanks. Best regards, Dimitar Vassilev