Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 15 Jan 2009 13:37:41 +0200
From:      "Dimitar Vasilev" <dimitar.vassilev@gmail.com>
To:        "Julian Elischer" <julian@elischer.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: setfib+pf
Message-ID:  <59adc1a0901150337n5fa35de0vd079f8e764d13b31@mail.gmail.com>
In-Reply-To: <496ECB47.4060005@elischer.org>
References:  <59adc1a0901122114v15efa47ahba8beef6ace4ddb0@mail.gmail.com> <496CCFBF.3010008@elischer.org> <59adc1a0901142032u5c6bb08y5c8768aa43d1d56a@mail.gmail.com> <496ECB47.4060005@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
2009/1/15 Julian Elischer <julian@elischer.org>

> Dimitar Vasilev wrote:
>
>>        <cut>
>>
>>        I'd much appreciate if someone thinks with me for the best
>>        options of using
>>        the setfib features along with pf.
>>
>>
>>    I know setfib but I don't know pf unfortunately.. I use ipfw
>>    (which is why ipfw has fib support :-)
>>
>>
>>    possibly Max Lair may know both..
>>
>> Hi Julian,
>> Could you sched some light on the ipfw and setfib as an example. Seems the
>> person you're referring to is busy. The rest I will figure out on my own. If
>> there are results - I will share back.
>> Thanks,
>> Dimitar
>>
>
>
> well, you need to tell me a little more about what you want to do.

Thanks - here is the schema:

Lan1(browsing clients)
 |
--------------             ----------------
|  WRT   |-------------|   ALIX     |-----------Lan2 (DMZ stuff, splitted
into various networks, vlans,etc)
--------------             ---------------
        |                     |
    -----------            ----------------
    | Uplink|           | Uplink     |
    ------------           ----------------


I will have two uplinks and would like to failover uplink of clients from
lan 1 and lan 2 depending on which link is up, keeping Lan2 accessible via
the both uplinks, using something like tunnel1.foobar and tunnel2.foobar, as
well as keeping LAN2 isolated from the clients via vlan and firewall rules
allowing ssh mostly. As will have various private networks,tunnels,etc and
no BGP, I would like to take advantage of setfib. Thanks.
Best regards,
Dimitar Vassilev

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?59adc1a0901150337n5fa35de0vd079f8e764d13b31>