From: "Tonix (Antonio Nati)"
Date: Fri, 06 Nov 2009 10:29:42 +0100
To: freebsd-stable@freebsd.org
Subject: Re: Features in 8.0?

Matthew Seaman wrote:
> Tonix (Antonio Nati) wrote:
>> I'd like to know if these features are available in FreeBSD 8.0.
>>
>>     * advanced routing (I miss the possibility to define routes based
>>       on sender IPs)
>>     * carpdev
>
> Yes to both, if you enable pf. The advanced routing I think you're asking
> about is generally described as 'policy based routing' -- look for the
> documentation on the 'route-to' keyword in pf rulesets:
>
>    http://openbsd.org/faq/pf/pools.html#outgoing
>
> If you implement CARP on a firewall pair, then you will need a carp0
> pseudo interface -- this can be created and configured in /etc/rc.conf
> like so:
>
>    cloned_interfaces="carp0"
>    ifconfig_carp0="vhid 100 pass ~not~telling~you~ 192.0.2.1/24"
>
> FreeBSD-8.0 now also has the capability of using a per-application routing
> table, so you can change the routes for (say) apache or squid independently
> of what applies for the rest of the system. See setfib(1) for more
> information, plus recent examples of implementing this in RC scripts on
> the ports mailing list.
>

As far as I read, it is no to both.

About routes, if I type a "route" command I will not be able to see these
routes. I hope to add a route with a command like
"route add --from 192.168.16.0/24 ....", and I hope I can see all the routes
in the system with the "route" command, without needing two separate
commands to merge.

About carpdev, I already know carp is implemented, but up to now the OpenBSD
carpdev, which lets a virtual IP bind an interface, is not implemented.
The FreeBSD way forces us to have one "fixed" IP for each interface on which
we need a virtual IP. Impossible for complex networks.

Thanks,

Tonino

> Cheers,
>
> Matthew
>

-- 
------------------------------------------------------------
        Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it      tonix@interazioni.it
------------------------------------------------------------