Date:      Mon, 28 Apr 2014 11:18:50 +0200
From:      Andreas Nilsson <andrnils@gmail.com>
To:        Dominic Froud <dom@talk2dom.com>
Cc:        FreeBSD Net <freebsd-net@freebsd.org>
Subject:   Re: Server with multiple public IP
Message-ID:  <CAPS9+SuGbQgZ0yM5HSy8KhPRF_-7ixuMf26DHJ27XqoJWPZX1A@mail.gmail.com>
In-Reply-To: <535E1C66.6090004@talk2dom.com>
References:  <535E1842.20905@netfence.it> <535E1C66.6090004@talk2dom.com>

On Mon, Apr 28, 2014 at 11:16 AM, Dominic Froud <dom@talk2dom.com> wrote:

> On 28/04/2014 09:58, Andrea Venturoli wrote:
>
>> I've got a server which has two (or more) interfaces with public IPs.
>>
>> Let's say, as an example (with fictional IPs):
>> ifconfig_vlan1="inet 1.0.0.2 netmask 255.255.255.248..."
>> ifconfig_vlan2="inet 2.0.0.2 netmask 255.255.255.248..."
>>
>> Of course, I can only have a default route, let's say 1.0.0.1.
>> This is fine for outgoing traffic and for incoming connections on vlan1.
>> However, when someone from the outside connects to 2.0.0.2, reply packets
>> still go out through 1.0.0.1 (on vlan1), but they should go through vlan2
>> to 2.0.0.1
>>
>
> You want source-based routing.
>
> I have this situation and I used pf(4) to do it with a rule like:
>
> pass out quick route-to ( vlan2 ) from 2.0.0.0/29 to any no state
>
> As a variation you can give an optional next-hop address if you have a
> static router for that vlan, e.g. if your router is 2.0.0.1:
>
> pass out quick route-to ( vlan2 2.0.0.1 ) from 2.0.0.0/29 to any no state
>
> Also, you can run pf and ipfw at the same time!
>
> Hope this helps,
>
> Dominic
>
>
You could put all the services which are on 2.0.0.2 in a separate fib and
have another default route there.

Best regards
Andreas
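
As an added example (not from the thread), a small POSIX sh script that derives the 2.0.0.0/29 network from the ifconfig values, emits the pf route-to rule in the form Dominic posted, and prints the setfib steps for the separate-fib alternative Andreas suggests; the fib number 1, the loader.conf placement of net.fibs and the rc.d script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Fictional addresses as in the original post.
# Why it matters: replies sourced from 2.0.0.2 but sent via vlan1's router can be
# dropped by the upstream's anti-spoofing filters; both fixes below keep the
# source address and the egress path consistent.

# Print the four octets of a dotted quad separated by spaces.
split_octets() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo "$1 $2 $3 $4"
}

# cidr_of ADDRESS NETMASK -> NETWORK/PREFIX  (e.g. 2.0.0.2 255.255.255.248 -> 2.0.0.0/29)
cidr_of() {
    addr=$(split_octets "$1"); mask=$(split_octets "$2")
    set -- $addr $mask            # $1..$4 address octets, $5..$8 mask octets
    prefix=0; net=""
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        a=${pair%:*}; m=${pair#*:}
        net="${net}${net:+.}$((a & m))"     # network octet = address AND mask
        while [ "$m" -gt 0 ]; do             # count the set bits of the mask octet
            prefix=$((prefix + (m & 1))); m=$((m >> 1))
        done
    done
    echo "$net/$prefix"
}

# pf_route_to_rule IFACE NEXTHOP ADDRESS NETMASK -> pf.conf line (Dominic's variant)
pf_route_to_rule() {
    echo "pass out quick route-to ( $1 $2 ) from $(cidr_of "$3" "$4") to any no state"
}

# fib_setup FIBNUM NEXTHOP -> the steps for the separate-fib alternative (assumed layout)
fib_setup() {
    cat <<EOF
# /boot/loader.conf: fib 0 is the default table, so allocate $(( $1 + 1 )) tables
net.fibs=$(( $1 + 1 ))
# At boot (e.g. /etc/rc.local): fib $1 gets its own default route via the vlan2 router
setfib $1 route add default $2
# Start the daemons bound to 2.0.0.2 inside fib $1 (rc.d script name is a placeholder)
setfib $1 /usr/local/etc/rc.d/yourservice start
EOF
}

pf_route_to_rule vlan2 2.0.0.1 2.0.0.2 255.255.255.248
fib_setup 1 2.0.0.1
```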
