Chuck Swiger wrote:
Jeremie Le Hen wrote:
[ ... ]
PS: I'm seeing more and more requests about routing limitations in
FreeBSD everyday, such as lack of multiple routing tables support, lack
of source routing (as well as higher level protocol based routing).
Are there actually some projects that are being worked on to overcome
this ?
Sure. You can use IPFW to forward packets out via any interface you
please, based on any of the matching criteria that IPFW's rulesets
permit. You can also run BGP/EGP sessions, OSPF, or other advanced
routing protocols via routing daemons like zebra/quagga/gated/whatever
in the ports collection.
[ Most people don't understand Internet routing very well, they don't
understand subnetting or supernetting, they don't understand CIDR, and
they encounter problems which arise because they don't know how to set
up a network topology which is appropriate for the actual task they
want to perform. ]
For the current problem, if you've got two servers which offer
services to the Internet, and have public IPs assigned to them,
putting these boxes behind NAT is causing problems because the
topology doesn't match what the machines are actually doing.
Well of course! However the topology WAS ok before all the
IPs got reassigned to someone else.. (don't ask).
I'm trying to simulate a production environment with what I have on hand,
which is a handful of IP addresses. All while not stopping production or
making changes that will be a bigger pain when the new IPs arrive.
Set up what E. Zwicky calls a "screened subnet architecture" by moving
these boxes into a separate DMZ subnet, set up a local route for the
rest of the clients on the firewall which indicate that these boxes
can be reached via fxp0 rather than fxp1, so that traffic from the
clients on the LAN stays local rather than going out through one T1
and back in via the other.
doesn't really solve the problem I'm having but thanks for taking the
trouble to think about it.