Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 11 Jan 2017 00:58:15 +0000
From:      Harry Duncan <usr.src.linux@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   interface definition with aliases
Message-ID:  <CAHAPYVBWopDmP4hOAcFN8F-TeOx8DhFP429HoqR3g6kxZCUhPg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
Hi Guys,

I get my net connection to my freebsd box by pppoe. I have a /29
allocation, so I have to add my additional IP's at the public interface on
my bsd box, so I add them with

ifconfig tun0 alias 121.171.163.226 netmask 255.255.255.255 181.191.100.212

and I end up with a tun0 looking like:

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
        options=80000<LINKSTATE>
        inet 121.171.163.225 --> 181.191.100.212  netmask 0xffffffff
        inet 121.171.163.226 --> 181.191.100.212  netmask 0xffffffff
        inet 121.171.163.227 --> 181.191.100.212  netmask 0xffffffff
        inet 121.171.163.228 --> 181.191.100.212  netmask 0xffffffff
        inet 121.171.163.229 --> 181.191.100.212  netmask 0xffffffff
        inet 121.171.163.230 --> 181.191.100.212  netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun
        Opened by PID 4207

In the normal course of events, with a single wan ip, I just declare ext_if
= "tun0" in pf.conf and it resolves to the wan ip.

What I want to be able to do here is reference specific aliases in rules,
so for example, port forward port 22 on .225 to one lan host, port forward
the same port on .226 to another lan host

I also want to direct all traffic out from specific lan hosts to go out on
specific ip addresses and not randomly across the range.

I have accomplished this before with intefrace aliases where pppoe has not
been used, but am stuck conceptually on how to implement this where the ip
aliases are all on the same interface.

Anyone got any thoughts if this is going to be possible?

My alternate course of action will be to try and bring up a tun device for
each of the aliases with a different ppp dialer, just not sure routing wise
if that is going to work so I'm just curious to know if you guys think it
can be accomplished with the above?

Thanks,

Harry.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHAPYVBWopDmP4hOAcFN8F-TeOx8DhFP429HoqR3g6kxZCUhPg>