From: Julian Elischer
Date: Mon, 28 Apr 2014 18:15:11 +0800
To: Andrea Venturoli, freebsd-net@freebsd.org
Subject: Re: Server with multiple public IP
Message-ID: <535E2A2F.3030505@freebsd.org>
In-Reply-To: <535E293C.5050705@freebsd.org>
List-Id: Networking and TCP/IP with FreeBSD

replying to myself..

On 4/28/14, 6:11 PM, Julian Elischer wrote:
> On 4/28/14, 5:44 PM, Andrea Venturoli wrote:
>> On 04/28/14 11:18, Andreas Nilsson wrote:
>>
>>> You could put all the services which are on 2.0.0.2 in a separate
>>> fib and
>>> there have another default-route.
>>
>> Thanks, but unfortunately I can't, since some services must be able
>> to answer on both addresses.
>
> the answer is to use the ipfw setfib rule for incoming packets on
> the second interface.
> setfib 1 ip from any to any in recv em0
> In new freebsd kernels you can do this with ifconfig em0 fib 1 (I
> think that's the syntax) without involving ipfw.
>
> then the session will inherit that fib. Outgoing packets from that
> session will use fib 1 while other outgoing packets will use fib0.

from the ifconfig man page. (FreeBSD 11 but I think it's in 10 too.)

     fib fib_number
             Specify interface FIB. A FIB fib_number is assigned to all
             frames or packets received on that interface. The FIB is
             not inherited, e.g., vlans or other sub-interfaces will use
             the default FIB (0) irrespective of the parent interface's
             FIB. The kernel needs to be tuned to support more than the
             default FIB using the ROUTETABLES kernel configuration
             option, or the net.fibs tunable.

this can be simulated using ipfw setfib should you not have it in the
release you are running.

>
>>
>> Maybe I could use socket in one fib to proxy to the other, but that
>> would probably make a mess in the logs when I have to identify who
>> connects to what and from where.
>>
>> bye & Thanks
>> av.
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
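
The two variants discussed in this thread, written out as an added example (not part of any message above and not the posters' own configuration): a POSIX sh helper that validates its input and prints the FreeBSD commands for either the `ifconfig ... fib` or the `ipfw setfib` approach. The function names `fib_plan` and `fib_apply`, the gateway 192.0.2.1 and the ipfw rule number 100 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Constructed values: gateway 192.0.2.1,
# ipfw rule number 100. Target host needs net.fibs=2 (or more) in
# /boot/loader.conf, or a kernel built with the ROUTETABLES option.

# fib_plan IFACE FIB GATEWAY METHOD NFIBS
#   METHOD  "ifconfig" (per-interface FIB) or "ipfw" (setfib rule)
#   NFIBS   value of net.fibs on the target host
# Prints the commands to run; prints nothing and returns non-zero on bad input.
fib_plan() {
    iface=$1; fib=$2; gw=$3; method=$4; nfibs=$5
    # Reject anything that is not a plain token: the plan may be fed to a shell.
    case $iface in ''|*[!A-Za-z0-9_.]*) echo "bad interface" >&2; return 2 ;; esac
    case $gw in ''|*[!0-9A-Fa-f.:]*) echo "bad gateway" >&2; return 2 ;; esac
    case $fib in ''|*[!0-9]*) echo "bad fib" >&2; return 2 ;; esac
    case $nfibs in ''|*[!0-9]*) echo "bad net.fibs" >&2; return 2 ;; esac
    case $method in ifconfig|ipfw) ;; *) echo "bad method" >&2; return 2 ;; esac
    # FIBs are numbered 0 .. net.fibs-1, and FIB 0 is the default table.
    if [ "$fib" -lt 1 ] || [ "$fib" -ge "$nfibs" ]; then
        echo "fib $fib not available with net.fibs=$nfibs" >&2
        return 1
    fi
    # Default route that only exists in the second table.
    echo "setfib $fib route add default $gw"
    # Tag everything received on the interface with that FIB.
    if [ "$method" = ifconfig ]; then
        echo "ifconfig $iface fib $fib"
    else
        echo "ipfw add 100 setfib $fib ip from any to any in recv $iface"
    fi
    # Show the second table so the result can be checked.
    echo "setfib $fib netstat -rn"
}

# fib_apply: same arguments; runs the plan as root on the FreeBSD host.
fib_apply() {
    plan=$(fib_plan "$@") || return
    printf '%s\n' "$plan" | sh -ex
}
```

Calling `fib_plan em0 1 192.0.2.1 ipfw 2` prints the plan without changing anything; `fib_apply` with the same arguments executes it.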