Date: Wed, 14 May 2014 12:05:26 +0200
From: Andrea Venturoli <ml@netfence.it>
To: freebsd-net@freebsd.org
Cc: dom@talk2dom.com
Subject: Re: Server with multiple public IP
Message-ID: <53733FE6.4060605@netfence.it>
In-Reply-To: <535E1C66.6090004@talk2dom.com>
References: <535E1842.20905@netfence.it> <535E1C66.6090004@talk2dom.com>

On 04/28/14 11:16, Dominic Froud wrote:
> On 28/04/2014 09:58, Andrea Venturoli wrote:
>> I've got a server which has two (or more) interfaces with public IPs.
>>
>> Let's say, as an example (with fictional IPs):
>> ifconfig_vlan1="inet 1.0.0.2 netmask 255.255.255.248..."
>> ifconfig_vlan2="inet 2.0.0.2 netmask 255.255.255.248..."
>>
>> Of course, I can only have a default route, let's say 1.0.0.1.
>> This is fine for outgoing traffic and for incoming connections on vlan1.
>> However, when someone from the outside connects to 2.0.0.2, reply
>> packets still go out through 1.0.0.1 (on vlan1), but they should go
>> through vlan2 to 2.0.0.1
>
> You want source-based routing.
>
> I have this situation and I used pf(4) to do it with a rule like:
>
> pass out quick route-to ( vlan2 ) from 2.0.0.0/29 to any no state
>
> As a variation you can give an optional next-hop address if you have a
> static router for that vlan, e.g. if your router is 2.0.0.1:
>
> pass out quick route-to ( vlan2 2.0.0.1 ) from 2.0.0.0/29 to any no state
>
> Also, you can run pf and ipfw at the same time!
>
> Hope this helps,

I ended up using this solution... so far so good (and so easy).

Thanks a lot.

 bye
	av.