From owner-freebsd-questions@FreeBSD.ORG Mon Jun 20 13:55:07 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 61BF7106566C for ; Mon, 20 Jun 2011 13:55:07 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3fd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id C23708FC0A for ; Mon, 20 Jun 2011 13:55:06 +0000 (UTC) Received: from russet.local (reflex.squiz.co.uk [83.217.109.164]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id p5KDscjP014282 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Mon, 20 Jun 2011 14:55:03 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: Sendmail DKIM Filter v2.8.3 smtp.infracaninophile.co.uk p5KDscjP014282 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1308578103; bh=kgHl/+LMMMcx92i0RKwK8CdPzBaYHgKg21Hs/yUjgEg=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Cc:Content-Type:Date:From:In-Reply-To: Message-ID:Mime-Version:References:To; z=Message-ID:=20<4DFF5113.5000909@infracaninophile.co.uk>|Date:=20M on,=2020=20Jun=202011=2014:54:27=20+0100|From:=20Matthew=20Seaman= 20|User-Agent:=20Mozilla/5.0=20(M acintosh=3B=20U=3B=20Intel=20Mac=20OS=20X=2010.6=3B=20en-US=3B=20r v:1.9.2.17)=20Gecko/20110414=20Thunderbird/3.1.10|MIME-Version:=20 1.0|To:=20freebsd-questions@freebsd.org|Subject:=20Re:=20Two=20Net works=20on=20one=20System|References:=20<201106201337.p5KDbaot0890 06@x.it.okstate.edu>|In-Reply-To:=20<201106201337.p5KDbaot089006@x .it.okstate.edu>|X-Enigmail-Version:=201.1.1|Content-Type:=20multi part/signed=3B=20micalg=3Dpgp-sha1=3B=0D=0A=20protocol=3D"applicat ion/pgp-signature"=3B=0D=0A=20boundary=3D"------------enig9660581E 49EF478F84BF9AE6"; b=OsxpvziOHcJmw90jqHukM3zR9eJHM/9FRZRTahvoHJ+eaJqAfcKDznNLeQsfw+k0L bIGzbyROWGXWRn0sKbCRLAaQZvOrhEW8Btmtw13AxjTYm/Hjs5AWLaspO0bw2bY1/u qncjqeWoTTXE0kBaVyldsFSGh/j5+pLgBQmrxizE= X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host reflex.squiz.co.uk [83.217.109.164] claimed to be russet.local Message-ID: <4DFF5113.5000909@infracaninophile.co.uk> Date: Mon, 20 Jun 2011 14:54:27 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <201106201337.p5KDbaot089006@x.it.okstate.edu> In-Reply-To: <201106201337.p5KDbaot089006@x.it.okstate.edu> X-Enigmail-Version: 1.1.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig9660581E49EF478F84BF9AE6" X-Virus-Scanned: clamav-milter 0.97 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_40,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_FAIL autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on lucid-nonsense.infracaninophile.co.uk Subject: Re: Two Networks on one System X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jun 2011 13:55:07 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9660581E49EF478F84BF9AE6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 20/06/2011 14:37, Martin McCormick wrote: > Following up on a question I wrote Friday June 17, a > person from this list kindly referred me to the FreeBSD > Handbook and the sections on configuring Ethernet interfaces. It > has an excellent example as to how to set the default gateway > from the command line. I tried it and it worked. Can a second > interface such as fxp1 also be informed about the > router on its network while we still keep the default route for fxp0? >=20 > I hope to remotely ping both fxp0 and fxp1's ip > addresses from off site and get an answer from both. > So far, fxp0 is visible off of its network and fxp1 is > only present on its subnet. >=20 > It appears that you can only have one default route per > system and I need this system to appear on both networks for a > day or so while we move from one subnet to another. >=20 > I presently have FW rules for fxp1 that should totally > open everything: >=20 > 00090 allow ip from any to 192.168.1.250 via fxp1 > 00091 allow ip from 192.168.1.250 to any via fxp1 >=20 > Obviously, I am still missing something. >=20 > Thanks for any explanation as I think this sort of thing > is fairly common. Yes. It's common in the sense that a lot of people think its something that should work, and get confused when it doesn't prove simple to set up= =2E In principle, absolutely, you can set up routing to diverse upstream locations and have it all work properly. In practice, unless you are familiar with internet routing protocols *or* both your upstream gateways are actually part of the same organization and they offer 'bonded links' or some such, then you aren't going to make this work. Certainly not as a transitional thing -- even with full blown BGP setups, it still takes several minutes for routes to reorganise themselves in the event of a failure somewhere. While you can't have multiple default routes, you can certainly have more specific routes that go via other gateways. Usually with routing, the choice of route is made by matching against the destination address, but you can use other criteria. The key words are 'policy based routing' -- you'ld actually use a firewall (ipfw or pf) to implement that. [Also, usually some sort of NAT to rewrite the source address of the packets] Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enig9660581E49EF478F84BF9AE6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3/URwACgkQ8Mjk52CukIyD1gCeOcpRCBiEmaIkieKZ+EIDaIld pO4AnRDhBtHBMmS1UKYVsuqi04ArTq+M =DzqU -----END PGP SIGNATURE----- --------------enig9660581E49EF478F84BF9AE6--