Date: Mon, 01 Jun 2009 01:44:29 +0300 From: Nikos Vassiliadis <nvass9573@gmx.com> To: Tim Judd <tajudd@gmail.com>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: dual gateways Message-ID: <4A23084D.6030704@gmx.com> In-Reply-To: <ade45ae90905311507m7e711b03if0fb00a91c21ff96@mail.gmail.com> References: <ade45ae90905311354h6b3f521eyff0239f86b9160b7@mail.gmail.com> <4A22FCE5.3030205@gmx.com> <ade45ae90905311507m7e711b03if0fb00a91c21ff96@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Tim Judd wrote: > > > On Sun, May 31, 2009 at 3:55 PM, Nikos Vassiliadis <nvass9573@gmx.com > <mailto:nvass9573@gmx.com>> wrote: > > Tim Judd wrote: > > I know it is not typical, but here's my setup. > > I have a private IP scope (/24 block) split up. 2 /25's > > I have a box that has dual NICs. One is on the low /25 and one > is on the > high /25. The high /25 is only used for jails and his gateway is a > soekris/alix board that will function. I can't find out how to > get the high > /25 to assign an additional gateway that's directed toward the > soekris/alix > SBC. > > > Any tips or advice on how I can setup the high netblock to get > it to route > successfully to the SBC? > > > Something like: > [internet-IP router 10.0.0.1/25] > | > | > [10.0.0.129/25 FreeBSD 10.0.0.2/25] > | > | > [10.0.0.130/25 router internet-IP] > > Is this your setup? > OK, I am confused:) Could you please explain? > > > > > internet > router1 (192.168.0.1/25) > (192.168.0.2/25) router2 (192.168.0.129/25) > [192.168.0.5/25] Box with problems [192.168.0.130] > > All my jails on this box is on the top half, and i want the jails to go > through the 192.168.0.129/25 gateway (which in > turn goes through 0.1, but it's a matter of separating off hostile > computers in my lab that i work on ppls computers with. > > > Does this help? Yes, you want to use 192.168.0.2 as your default route and 192.168.0.129 as the default route for traffic originating from the jails 192.168.0.130/25. You can use a firewall to do such things, all three "FreeBSD" firewalls have this ca- pability. ipfw has the fwd action and pf has the route-to option to change the next hop to whatever the administrator desires. Check the manual of your favorite firewall. There is an other option, setfib. You could compile a kernel with multiple routing tables support and start the jails in the second routing table which would have 192.168.0.129 as the default router. HTH, Nikos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A23084D.6030704>