From owner-freebsd-pf@FreeBSD.ORG Fri Jun 19 15:38:13 2015 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 94FFE680 for ; Fri, 19 Jun 2015 15:38:13 +0000 (UTC) (envelope-from chuck@mantis.biz) Received: from zip.c7hosting.com (zip.c7hosting.com [96.47.41.151]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1D43FEC2 for ; Fri, 19 Jun 2015 15:38:12 +0000 (UTC) (envelope-from chuck@mantis.biz) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mantis.biz; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID; bh=P2EOIVbSWPtDt2NmoIfQ7o8tCYqPHeLT8A2qunvN95o=; b=tofMzDc1I+NI97isbnOmNcHNiWG4YAKwoG4C5jtDd31eO6GcI576YilEFAeSJs76F/0eAk3z5j7pK8djQa0Dv25jxesHbZmxj2yuBi13slQLQee2DhPn9Nf9RzrpN9QO; Received: from toroon4213w-lp130-04-1176445566.dsl.bell.ca ([70.31.34.126]:49513 helo=[192.168.2.13]) by zip.c7hosting.com with esmtpa (Exim 4.85) (envelope-from ) id 1Z5yMs-0008A1-Ll; Fri, 19 Jun 2015 11:38:10 -0400 Message-ID: <55843762.3040106@mantis.biz> Date: Fri, 19 Jun 2015 11:38:10 -0400 From: "Chuck @ Mantis" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Kajetan Staszkiewicz , freebsd-pf@freebsd.org Subject: Re: adding an additional block & gateway References: <55839619.8000603@mantis.biz> <1704069.kZvlBVo68Y@energia> In-Reply-To: <1704069.kZvlBVo68Y@energia> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - zip.c7hosting.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - mantis.biz X-Get-Message-Sender-Via: zip.c7hosting.com: authenticated_id: chuck@mantis.biz X-Source: X-Source-Args: X-Source-Dir: X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Jun 2015 15:38:13 -0000 Our data center responded to your question, here is the text: We can confirm that the new netblock is routed direct via your vlan as with your original netblock VLAN: vlan655-cbcbmedi-809, Created at: Mon Oct 20 13:42:05 2014 802.1Q Tag: 655, Internal index: 205, Admin State: Enabled, Origin: Static Layer 3 interface: vlan.655 (UP) IPV4 addresses: 60.34.75.209/28 79.112.227.33/27 Protocol: Port Mode, Mac aging time: 300 seconds Number of interfaces: Tagged 0 (Active = 0), Untagged 1 (Active = 1) ge-5/0/20.0*, untagged, access On 6/19/2015 9:01 AM, Kajetan Staszkiewicz wrote: > Dnia piÄ…tek, 19 czerwca 2015 00:10:01 Chuck @ Mantis pisze: >> I'm currently using FreeBSD and PF as a gateway and firewall in front of >> a handful of web servers. >> >> External: >> defaultrouter="79.112.227.33" >> ifconfig_bge0="inet 79.112.227.34 netmask 255.255.255.224" >> >> I've asked the datacenter for an additional block and received: >> >> Gateway : 60.34.75.209 >> IP block : 60.34.75.208/28 >> Subnet : 255.255.255.240 >> >> >> Since the gateways are different, I'm assuming I need to use PF or BSD >> to somehow direct (route?) traffic which came via the new block out >> through the new gateway? > Are both subnets on-link or done by real routing? Of on-link and if both are > on the same router and vlan from your provider, then it is going to work fine > while using only one gateway. >