Date: Mon, 28 Apr 2014 10:16:22 +0100
From: Dominic Froud <dom@talk2dom.com>
To: freebsd-net@freebsd.org
Subject: Re: Server with multiple public IP
Message-ID: <535E1C66.6090004@talk2dom.com>
In-Reply-To: <535E1842.20905@netfence.it>
References: <535E1842.20905@netfence.it>

On 28/04/2014 09:58, Andrea Venturoli wrote:
> I've got a server which has two (or more) interfaces with public IPs.
>
> Let's say, as an example (with fictional IPs):
> ifconfig_vlan1="inet 1.0.0.2 netmask 255.255.255.248..."
> ifconfig_vlan2="inet 2.0.0.2 netmask 255.255.255.248..."
>
> Of course, I can only have a default route, let's say 1.0.0.1.
> This is fine for outgoing traffic and for incoming connections on vlan1.
> However, when someone from the outside connects to 2.0.0.2, reply
> packets still go out through 1.0.0.1 (on vlan1), but they should go
> through vlan2 to 2.0.0.1

You want source-based routing. I have this situation and I used pf(4) to do it with a rule like:

    pass out quick route-to ( vlan2 ) from 2.0.0.0/29 to any no state

As a variation you can give an optional next-hop address if you have a static router for that vlan, e.g. if your router is 2.0.0.1:

    pass out quick route-to ( vlan2 2.0.0.1 ) from 2.0.0.0/29 to any no state

Also, you can run pf and ipfw at the same time!

Hope this helps,
Dominic
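
An added example, not part of Dominic's message: a pf.conf fragment that puts the rule from the reply in context and sets it beside a stateful alternative built on pf's reply-to option. The addresses are the thread's fictional ones; the macro names and the SSH port are assumptions made for illustration.

```conf
# /etc/pf.conf fragment (added example, not from the original message)
# Macro names below are assumptions; addresses are the thread's fictional ones.
if2   = "vlan2"        # second uplink interface
gw2   = "2.0.0.1"      # next hop on that uplink
net2  = "2.0.0.0/29"   # subnet configured on vlan2
addr2 = "2.0.0.2"      # the server's own address on vlan2

# Choose one variant.

# Variant A: the stateless rule from the message.
# Any outbound packet whose source address is in $net2 is sent out vlan2
# towards $gw2, whatever the default route says. "quick" ends rule
# evaluation for matching packets, and "no state" means pf creates no
# state entry for them, so they are not subject to stateful filtering.
pass out quick route-to ( $if2 $gw2 ) from $net2 to any no state

# Variant B: stateful alternative using reply-to.
# The return path is stored in the state created by the inbound packet,
# so replies to connections that arrived on vlan2 leave through vlan2,
# and only the service listed here is admitted on that address.
# Port 22 is an assumed example service.
pass in quick on $if2 reply-to ( $if2 $gw2 ) inet proto tcp \
    from any to $addr2 port 22 keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, then loaded with `pfctl -f /etc/pf.conf`.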