Date: Mon, 20 Jun 2011 21:36:17 -0400
From: Jon Radel <jon@radel.com>
To: freebsd-questions@freebsd.org
Subject: Re: Two Networks on one System
Message-ID: <4DFFF591.6090801@radel.com>
In-Reply-To: <4DFFE6B9.2020107@dichotomia.fr>
References: <201106202107.p5KL7PW0091851@x.it.okstate.edu> <4DFFC61B.2080201@radel.com> <27899_1308609017_4DFFC9F9_27899_767_1_D9B37353831173459FDAA836D3B43499BF89C588@WADPMBXV0.waddell.com> <4DFFD0A7.8010806@radel.com> <4DFFE6B9.2020107@dichotomia.fr>

On 6/20/11 8:32 PM, Jerome Herman wrote:
>> pass in on nic_a reply-to ($nic_a $gw_a)
>> pass in on nic_b reply-to ($nic_b $gw_b)
> From what I understand, there are two different ISPs providing access to
> two different interfaces. In this case I am very concerned with all the
> bizarre things that a reply-to might trigger.
> What I mean is that nothing guarantees that a distant address will
> access the box from the same interface every time.

Who cares? The interfaces have different addresses so any traffic that belongs together will go to only one interface. It's not like machines out there will alternate packets to two different destination IP addresses. They might alternate "connections," for a very broad definition of "connections," but that shouldn't present a problem.

As for the rest, I think you're going waaaaaayyyyy beyond what the OP described as his problem: Set up two interfaces with different addresses which make use of different gateways as the addresses belong on different networks. Allow traffic to go to one address on one network until DNS glue records are changed and traffic starts going to a second address on a second network.

I would suspect that he has stateful firewalls and/or anti-spoofing rules upstream from him that keep him from replying to everything out a single interface. If it weren't for that, I suspect we wouldn't be having this discussion.

--Jon Radel
jon@radel.com