On Mon, Apr 28, 2014 at 11:16 AM, Dominic Froud <d...@talk2dom.com> wrote:
> On 28/04/2014 09:58, Andrea Venturoli wrote:
>
>> I've got a server which has two (or more) interfaces with public IPs.
>>
>> Let's say, as an example (with fictional IPs):
>> ifconfig_vlan1="inet 1.0.0.2 netmask 255.255.255.248..."
>> ifconfig_vlan2="inet 2.0.0.2 netmask 255.255.255.248..."
>>
>> Of course, I can only have a default route, let's say 1.0.0.1.
>> This is fine for outgoing traffic and for incoming connections on vlan1.
>> However, when someone from the outside connects to 2.0.0.2, reply packets
>> still go out through 1.0.0.1 (on vlan1), but they should go through vlan2
>> to 2.0.0.1
>>
>
> You want source-based routing.
>
> I have this situation and I used pf(4) to do it with a rule like:
>
> pass out quick route-to ( vlan2 ) from 2.0.0.0/29 to any no state
>
> As a variation you can give an optional next-hop address if you have a
> static router for that vlan, e.g. if your router is 2.0.0.1:
>
> pass out quick route-to ( vlan2 2.0.0.1 ) from 2.0.0.0/29 to any no state
>
> Also, you can run pf and ipfw at the same time!
>
> Hope this helps,
>
> Dominic
>
>

You could put all the services which are on 2.0.0.2 in a separate fib and there have another default-route.

Best regards
Andreas
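
Added example, not part of the thread: one way to configure the separate-FIB setup suggested in the last reply, using the thread's fictional addresses. The `sshd` service and the route label `vlan2default` are assumptions chosen for illustration.

```conf
# Constructed example for FreeBSD; not taken from the thread.

# --- /boot/loader.conf ---
# Provide a second routing table. FIB 0 is the default table.
net.fibs="2"

# --- /etc/rc.conf ---
# FIB 0 keeps the existing default route via the vlan1 router.
defaultrouter="1.0.0.1"

# Second default route, installed only in FIB 1, via the vlan2 router.
# The connected route for 2.0.0.0/29 must be present in FIB 1 for this
# gateway to be reachable: either sysctl net.add_addr_allfibs=1, or the
# "fib 1" keyword on the vlan2 ifconfig line.
static_routes="vlan2default"
route_vlan2default="default 2.0.0.1 -fib 1"

# Start the service that answers on 2.0.0.2 inside FIB 1, using the
# rc.subr ${name}_fib knob. sshd is a stand-in (assumption) and is
# assumed to be configured to listen on 2.0.0.2 only; a service bound
# to every address would also send its vlan1 replies out via 2.0.0.1.
sshd_fib="1"
```

After a reboot, `setfib 1 netstat -rn` should list 2.0.0.1 as the default gateway while plain `netstat -rn` still shows 1.0.0.1.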