From owner-freebsd-jail@freebsd.org Mon Jul 17 17:48:09 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 46769D9BD56; Mon, 17 Jul 2017 17:48:09 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 040D769A69; Mon, 17 Jul 2017 17:48:09 +0000 (UTC) (envelope-from asomers@gmail.com) Received: by mail-yw0-x22b.google.com with SMTP id v193so50565807ywg.2; Mon, 17 Jul 2017 10:48:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=o46a/6uQHwKIb1dNCKCL4pW0ERVyJld81CtuktRCL8M=; b=D9oYqR9kY168KsIUjJ0Cn00DaYKpvZj1GxRiScmeW42cUnXSw6dO7WIJ03wZENolHP A9+xVZE65syGWfR1qKJrlZOs+9kJg8EhV6V9l1oML0+ctg3pSwGDhcCNCSKVGtL65wfe gwaQtymj/+IZ0XNrlQ1p3yfW726VjzhYl3XyI36pkzLh0/iHcHbLXN1Uvoyc/QTcuBQj 4YpZB9kRMaX5l1rkAKzXIEF6fLMMJf71Y0STA4mql50mvrCT4rbvylpIP14cULLfNKXh +M0CvXl0Y29HA1gHslNMbBSbQbRnnnVE0Oo+ISiGN7Rxnv8G/QhTQdAyPt7Gol27WUFi 303w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=o46a/6uQHwKIb1dNCKCL4pW0ERVyJld81CtuktRCL8M=; b=ITziQBBymhWwk6y8/IZFSFcwrs5r5R7RrvUXhR5bpCOgllnZ9bt1Covi3wICuMZwWS 3FTqvFPTp6TR0mnPXUMii1u5uYJhpT/9mV0trErUsmZhFRRA3izkzlGbzaeYKgUDH+eE wxHcjDtBPr5TJcRA0fyarqlZ3MeQLgf5933/3GvLCeO9FT9CCIWEZDHgwawkHV0jmwXB p0ozJklSNzWcKGA/UxtSmZAVmqDTEKa7qghGnoE0HRl2zd/i28bAj9X/mX1hR2+2yXvz sb/Eb+dzoN1vJG0Dl9FSQ9eoDcXNxNfaTuK6v4/B/6K/5uoh5g6tbpFNz9A/pWUTB4Gj DrSQ== X-Gm-Message-State: AIVw113tRlYSDDZu05LyQ30PxiD3JweDruXtTbzgSDs5NsDHCX7zs2f0 GIeij+rRJ1/RXbf0oO1qGvSnrR6vXQ== X-Received: by 10.129.112.148 with SMTP id l142mr16906244ywc.221.1500313688234; Mon, 17 Jul 2017 10:48:08 -0700 (PDT) MIME-Version: 1.0 Sender: asomers@gmail.com Received: by 10.13.243.135 with HTTP; Mon, 17 Jul 2017 10:48:07 -0700 (PDT) In-Reply-To: <596CF1BA.8050104@grosbein.net> References: <596CA093.6020508@grosbein.net> <596CF1BA.8050104@grosbein.net> From: Alan Somers Date: Mon, 17 Jul 2017 11:48:07 -0600 X-Google-Sender-Auth: rqoQRD544JcFTjYb3e8N739fTN8 Message-ID: Subject: Re: A web server behind two gateways? To: Eugene Grosbein Cc: FreeBSD Net , freebsd-jail@freebsd.org, Grzegorz Junka Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2017 17:48:09 -0000 On Mon, Jul 17, 2017 at 11:19 AM, Eugene Grosbein wrote: > 17.07.2017 23:46, Alan Somers wrote: > >>> So, the solution depends of kind of NAT you use. >> >> That's not 100% true. The web server is choosing which gateway to >> use. As Grzegorz said, it's only configured to use a single gateway >> at a time. To do what Grzegorz wants, he'll need to use multiple >> fibs. Set "net.fibs=2" and "net.add_addr_allfibs=0" in >> /boot/loader.conf and reboot. > > This will work for a server directly connected to both external > gateways but won't work for a server behind two NAT boxes. > > Eugene Grosbein I think what you meant to say is "this will work for a server directly connected to two external gateways (whether or not NAT is involved), but won't work if the server is not on the same subnet as the gateways". That's true. But judging by the OP, I think they're all on the same subnet. -Alan