From: "Dimitar Vasilev"
To: freebsd-net@freebsd.org
Date: Tue, 13 Jan 2009 07:14:00 +0200
Subject: setfib+pf
Message-ID: <59adc1a0901122114v15efa47ahba8beef6ace4ddb0@mail.gmail.com>

Hi,

I originally posted my message to questions; however, there has been no response for about a week. Therefore I'm reposting here. The original question is available at
http://lists.freebsd.org/pipermail/freebsd-questions/2009-January/190056.html

For those who prefer reading human text, here are my questions:

I'd like to ask about the best options for using setfib and pf in a non-BGP environment. I will run 2 uplinks, with VLANs for internal networks, and want to fail over external links if one of them fails. (Extended note as of 13.01: Uplink routers will be a WRT54GL with OpenWRT and an Alix box hopefully. VLAN tagging also possible there. Alix will be the controlling router station for failover.)

Currently pf supports, to the best of my knowledge:

a) rtable - this means I can create the routing tables with setfib and then use pass from .... rtable N (N >1 <16) or give out directly network ranges

b) route-to - pass in/out on X from ... route-to

c) packet tagging - I can tag networks and use standalone or through routing tags. Is anyone aware if it is OK to use /etc/gateways without running routed, or how can I label routes alternatively? If I apply the same for /etc/networks or both /etc/gateways and networks, will it be OK? pass in from any to $big_salad via $fridge keep state for example?

d) pass in from route N (192.168.1.1 for example) to... - saw this on http://www.mail-archive.com/pf@benzedrine.cx/msg07220.html and requires BGP to make tags speak anything but network numbers.

e) use the VLAN IDs

I'd much appreciate it if someone thinks with me about the best options for using the setfib features along with pf.

Thanks and regards,
Dimitar Vassilev