Date: Mon, 28 Apr 2014 10:58:42 +0200
From: Andrea Venturoli <ml@netfence.it>
To: freebsd-net@freebsd.org
Subject: Server with multiple public IP
Message-ID: <535E1842.20905@netfence.it>
Hello.

This has probably come up several times, however...

I've got a server which has two (or more) interfaces with public IPs. Let's say, as an example (with fictional IPs):

    ifconfig_vlan1="inet 1.0.0.2 netmask 255.255.255.248..."
    ifconfig_vlan2="inet 2.0.0.2 netmask 255.255.255.248..."

Of course, I can only have a default route, let's say 1.0.0.1.

This is fine for outgoing traffic and for incoming connections on vlan1. However, when someone from the outside connects to 2.0.0.2, reply packets still go out through 1.0.0.1 (on vlan1), but they should go through vlan2 to 2.0.0.1.

The only way I found so far to achieve this is through ipfw:

    ipfw add 30 fwd 2.0.0.1 tcp from 2.0.0.2 to not 2.0.0.0/29 out

This more or less works, but it will break ipfw firewalling (since after that rule matches, "the search terminates"). Besides, I don't feel this is a very clean solution.

So I wonder: do other ways exist to achieve this? Any best practice?

I thought natd might help, but found no reference to this functionality in its docs... Does any other program exist which I can "divert" packets to, which would modify and reinject them as natd does?

Another thing I thought of would be combining two firewalls (ipfw + pf/ipf), letting one do the filtering and leaving the above problem to the other. I'm not sure how hard this would be, however, so if a simple solution exists...

Any hint appreciated.

bye & Thanks
av.
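The concern in the post is that a `fwd` rule at number 30 matches before any filtering rule, so reply traffic from 2.0.0.2 is never inspected. The script below is an added example, not code from the thread: it builds the ruleset so that the deny rules come first, the `fwd` rule for the second address follows them, and the catch-all `allow` (which also terminates the search) comes last, then checks that ordering from a dry-run of the generated rules. The IP addresses and interface names are the fictional ones from the post; the specific filtering rules and the gateway assignment are assumptions chosen to illustrate the ordering.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): ipfw ruleset for a host
# with two uplinks, ordered so that the policy-routing 'fwd' rule cannot
# bypass the filtering rules. Addresses are the fictional ones from the
# post; gateways and the filtering rules themselves are assumptions.
IPFW="${IPFW:-ipfw -q}"      # set IPFW=echo to dry-run on a box without ipfw

UPLINK1_IF=vlan1; UPLINK1_NET=1.0.0.0/29; UPLINK1_IP=1.0.0.2; UPLINK1_GW=1.0.0.1
UPLINK2_IF=vlan2; UPLINK2_NET=2.0.0.0/29; UPLINK2_IP=2.0.0.2; UPLINK2_GW=2.0.0.1

# Emit one rule; the rule number comes first so the ordering is explicit.
rule() { $IPFW add "$@"; }

build_ruleset() {
    $IPFW flush
    # 1. Filtering rules get the lowest numbers, so they are evaluated
    #    before any rule whose match terminates the search.
    rule 100 deny ip from $UPLINK2_NET to any in via $UPLINK1_IF   # anti-spoofing
    rule 110 deny ip from $UPLINK1_NET to any in via $UPLINK2_IF
    rule 200 deny tcp from any to $UPLINK2_IP 23 in via $UPLINK2_IF  # example service block
    # 2. Policy routing: replies sourced from the second address leave via its
    #    own gateway. Sitting after the deny rules, it only sees packets that
    #    passed filtering; sitting before the catch-all allow, it is still reached.
    rule 500 fwd $UPLINK2_GW tcp from $UPLINK2_IP to not $UPLINK2_NET out
    # 3. Default policy (a stricter ruleset would replace this with explicit allows).
    rule 65000 allow ip from any to any
}

# Read a dry-run ruleset ("add <num> <action> ...") on stdin and succeed only
# if every deny rule precedes the fwd rule and the fwd rule precedes every allow.
check_order() {
    max_deny=0; fwd_no=0; min_allow=99999
    while read -r verb num action rest; do
        [ "$verb" = add ] || continue
        case $action in
            deny)  if [ "$num" -gt "$max_deny" ]; then max_deny=$num; fi ;;
            fwd)   fwd_no=$num ;;
            allow) if [ "$num" -lt "$min_allow" ]; then min_allow=$num; fi ;;
        esac
    done
    [ "$fwd_no" -gt 0 ] && [ "$max_deny" -lt "$fwd_no" ] && [ "$fwd_no" -lt "$min_allow" ]
}

case "${1:-}" in
    apply) build_ruleset ;;                                  # load into the kernel
    check) IPFW=echo; build_ruleset | check_order && echo "rule order OK" ;;
esac
```

Run it as `sh multihome.sh check` to print nothing but the verdict, and as `sh multihome.sh apply` (as root, on the FreeBSD host) to load the rules; `ipfw show` afterwards lists them with their hit counters in the same order. The check also rejects the post's original layout, where the `fwd` rule at 30 sits in front of every filter.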