Date: Fri, 06 Nov 2009 10:29:42 +0100
From: "Tonix (Antonio Nati)" <tonix@interazioni.it>
To: freebsd-stable@freebsd.org
Subject: Re: Features in 8.0?
Message-ID: <4AF3EC86.7010506@interazioni.it>
In-Reply-To: <4AF3DC05.3010408@infracaninophile.co.uk>
References: <4AF35D7D.7010807@interazioni.it> <4AF3DC05.3010408@infracaninophile.co.uk>

Matthew Seaman wrote:
> Tonix (Antonio Nati) wrote:
>> I'd like to know if these features are available in FreeBSD 8.0.
>>
>> * advanced routing (I miss the possibility to define routes based
>>   on sender IPs)
>> * carpdev
>
> Yes to both, if you enable pf. The advanced routing I think you're asking
> about is generally described as 'policy based routing' -- look for the
> documentation on the 'route-to' keyword in pf rulesets:
>
> http://openbsd.org/faq/pf/pools.html#outgoing
>
> If you implement CARP on a firewall pair, then you will need a carp0
> pseudo interface -- this can be created and configured in /etc/rc.conf
> like so:
>
> cloned_interfaces="carp0"
>
> ifconfig_carp0="vhid 100 pass ~not~telling~you~ 192.0.2.1/24"
>
> FreeBSD-8.0 now also has the capability of using a per-application routing
> table, so you can change the routes for (say) apache or squid independently
> of what applies for the rest of the system. See setfib(1) for more
> information, plus recent examples of implementing this in RC scripts on
> the ports mailing list.
>

As far as I read, it is no to both.

About routes, if I type a "route" command I will not be able to see these routes. I hope to add a route with a command like "route add --from 192.168.16.0/24 ....", and I hope I can see all the routes in the system with the "route" command, without the need to have two separate commands to merge.

About carpdev, I already know carp is implemented, but up to now the OpenBSD carpdev, which lets a virtual IP bind an interface, is not implemented. The FreeBSD way forces us to have one "fixed" IP for each interface on which we need a virtual IP. Impossible for complex networks.

Thanks,

Tonino

> Cheers,
>
> Matthew
>

--
------------------------------------------------------------
Inter@zioni            Interazioni di Antonio Nati
http://www.interazioni.it      tonix@interazioni.it
------------------------------------------------------------