From owner-freebsd-questions@FreeBSD.ORG Sun Jan 11 20:04:57 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 48EC0106566B for ; Sun, 11 Jan 2009 20:04:57 +0000 (UTC) (envelope-from dimitar.vassilev@gmail.com) Received: from mail-gx0-f11.google.com (mail-gx0-f11.google.com [209.85.217.11]) by mx1.freebsd.org (Postfix) with ESMTP id E1E4F8FC19 for ; Sun, 11 Jan 2009 20:04:56 +0000 (UTC) (envelope-from dimitar.vassilev@gmail.com) Received: by gxk4 with SMTP id 4so2256489gxk.19 for ; Sun, 11 Jan 2009 12:04:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=+S5pRLaDeC++7++XKMIryxzl8by0JQ5MJ7cFk8hekB4=; b=Rz55anmi2BMZbzvnmkcjy+xSySMIn4J2PpdWEwgjemT6do7DCAMvy01SKnKychmsPF oQmZ+J32R6z20he22RpAvCs9dG8EtZlEZ3ffg9VFxX4sdTR76pgM0DF9+zpR9a4LOjbB mbrLRRp0jPwiaIZwMEdzeoo9MC2v7iWzl23dc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=cqoGNt5/sAvMl44d/Qc/9bJEZM3BAw+ZMq6yKOFDJDZQBqAaE1DclwlSjfDcduaKpk OLQ6ICVbgiwim0t6n8ctYurI0XE1cykpqxcNJvFsVCb9vFa5yD6WVUNScUbQ29Z0SV4L GEV15IiZyDJ/lT4OAs/gl0+WNvy7D8I3ibW64= Received: by 10.150.134.21 with SMTP id h21mr870224ybd.118.1231704296325; Sun, 11 Jan 2009 12:04:56 -0800 (PST) Received: by 10.151.133.7 with HTTP; Sun, 11 Jan 2009 12:04:56 -0800 (PST) Message-ID: <59adc1a0901111204xaf7fbd1v58f6fde0ec1c4e52@mail.gmail.com> Date: Sun, 11 Jan 2009 22:04:56 +0200 From: "Dimitar Vasilev" To: "freebsd-questions@freebsd.org" In-Reply-To: <59adc1a0901062205l2bdaaa4enf6f08c0b6cd7f539@mail.gmail.com> MIME-Version: 1.0 References: <59adc1a0901062205l2bdaaa4enf6f08c0b6cd7f539@mail.gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: setfib+pf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Jan 2009 20:04:57 -0000 2009/1/7 Dimitar Vasilev > Hello, > > I'd like to ask on the best options for using setfib and pf in a non-BGP > environment. I will run 2 uplinks, with VLANs for internal networks and want > to fail over external links if one of them fails. > Currently pf supports to the best of my knowledge: > > a) rtable - this means i can create the routing tables with setfib and then > use pass from .... rtable N( N >1 <16) or give out directly network ranges > b) route-to - pass in/out on X from ... route-to > c) packet tagging - i can tag networks and use standalone or through > routing tags. Anyone aware if is it ok to use /etc/gateways without running > routed or how can i label routes alternatively? > d) pass in from route N(192.168.1.1 from example) to... - saw this on > http://www.mail-archive.com/pf@benzedrine.cx/msg07220.html and requires > BGP to make tags speak anything but network numbers. > e) use the vlan id's > > I'd much appreciate if someone thinks with me for the best options of using > the setfib features along with pf. > Thanks! > Best regards, > Dimitar Vassilev > > Hi, could someone confirm which of the features above are working with setfib? Seeking for the laziest and most efficient ways. If no answer received, I will try all of them 2-3 weeks later when my gear arrives. Thanks. Best regards, Dimitar Vassilev