From: Julian Elischer
Date: Mon, 28 Apr 2014 18:11:08 +0800
To: Andrea Venturoli, freebsd-net@freebsd.org
Subject: Re: Server with multiple public IP

On 4/28/14, 5:44 PM, Andrea Venturoli wrote:
> On 04/28/14 11:18, Andreas Nilsson wrote:
>
>> You could put all the services which are on 2.0.0.2 in a separate
>> fib and there have another default-route.
>
> Thanks, but unfortunately I can't, since some services must be able
> to answer on both addresses.

The answer is to use the ipfw setfib rule for incoming packets on the
second interface.

    setfib 1 ip from any to any in recv em0

In new FreeBSD kernels you can do this with

    ifconfig em0 fib 1

(I think that's the syntax) without involving ipfw.

Then the session will inherit that fib. Outgoing packets from that
session will use fib 1 while other outgoing packets will use fib 0.

> Maybe I could use socket in one fib to proxy to the other, but that
> would probably make a mess in the logs when I have to identify who
> connects to what and from where.
>
> bye & Thanks
> av.
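
The setup described in the reply above, as an added example that is not part of the original message: a dry-run helper that emits the second default route and the ipfw tagging rule together. The gateway 192.0.2.1, rule number 100, the `net.fibs` loader prerequisite, and the helper names `run` and `fib_plan` are assumptions; FIB 1 and em0 are the values from the reply.

```shell
#!/bin/sh
# Added example, not from the original thread. Constructed values: gateway
# 192.0.2.1 (documentation range) and ipfw rule number 100. FIB 1 and em0
# are the values used in the reply.
# Prerequisite (assumption): net.fibs=2 or higher in /boot/loader.conf.

# Print each command by default; execute it only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# fib_plan IFACE FIB GATEWAY RULENUM
fib_plan() {
    iface=$1 fib=$2 gw=$3 rule=$4
    if [ -z "$iface" ] || [ -z "$gw" ] || [ -z "$rule" ]; then
        echo "usage: fib_plan iface fib gateway rulenum" >&2; return 2
    fi
    case $fib in
        ''|*[!0-9]*) echo "fib must be a number" >&2; return 2 ;;
    esac
    # FIB 0 is the default table; tagging packets into it changes nothing.
    if [ "$fib" -lt 1 ]; then
        echo "fib must be 1 or higher" >&2; return 2
    fi
    # On a live system, stop if the kernel was booted with too few FIBs.
    if [ "${APPLY:-0}" = 1 ]; then
        nfibs=$(sysctl -n net.fibs) || return 1
        if [ "$fib" -ge "$nfibs" ]; then
            echo "kernel has only $nfibs FIBs" >&2; return 1
        fi
    fi
    # The second uplink's default route lives only in the extra FIB.
    run setfib "$fib" route add default "$gw" || return 1
    # Tag everything arriving on the second interface with that FIB.
    run ipfw add "$rule" setfib "$fib" ip from any to any in recv "$iface"
}

fib_plan em0 1 192.0.2.1 100
```

Run as-is it only prints the two commands; with `APPLY=1` on the FreeBSD host it checks `net.fibs` and executes them.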