On 04/28/14 11:16, Dominic Froud wrote:
> On 28/04/2014 09:58, Andrea Venturoli wrote:
>> I've got a server which has two (or more) interfaces with public IPs.
>>
>> Let's say, as an example (with fictional IPs):
>> ifconfig_vlan1="inet 1.0.0.2 netmask 255.255.255.248..."
>> ifconfig_vlan2="inet 2.0.0.2 netmask 255.255.255.248..."
>>
>> Of course, I can only have a default route, let's say 1.0.0.1.
>> This is fine for outgoing traffic and for incoming connections on vlan1.
>> However, when someone from the outside connects to 2.0.0.2, reply
>> packets still go out through 1.0.0.1 (on vlan1), but they should go
>> through vlan2 to 2.0.0.1
>
> You want source-based routing.
>
> I have this situation and I used pf(4) to do it with a rule like:
>
> pass out quick route-to ( vlan2 ) from 2.0.0.0/29 to any no state
>
> As a variation you can give an optional next-hop address if you have a
> static router for that vlan, e.g. if your router is 2.0.0.1:
>
> pass out quick route-to ( vlan2 2.0.0.1 ) from 2.0.0.0/29 to any no state
>
> Also, you can run pf and ipfw at the same time!
>
> Hope this helps,

I ended up using this solution... so far so good (and so easy).

Thanks a lot.

 bye
        av.


_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
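
An added pf.conf sketch, not part of the original thread, showing the rule discussed above next to a stateful variant that uses pf's reply-to option. Interface names, addresses and the gateway are the thread's fictional values; the macro names and the SSH service on port 22 are assumptions made for illustration.

```conf
# Added example, not from the thread. Macro names are hypothetical; the
# addresses are the thread's fictional ones; port 22 is a constructed sample.
ext2_if  = "vlan2"
ext2_net = "2.0.0.0/29"
ext2_gw  = "2.0.0.1"
ext2_ip  = "2.0.0.2"

# Rule from the thread (next-hop form), shown commented out for comparison.
# "quick" makes this the deciding rule for every outbound packet sourced
# from 2.0.0.0/29 (unless an earlier quick rule matched first), and
# "no state" means no state entry is created, so these packets are passed
# without connection tracking.
# pass out quick route-to ($ext2_if $ext2_gw) from $ext2_net to any no state

# Stateful variant: admit only the wanted inbound service on vlan2 and let
# the state entry carry the return path. reply-to sends the packets of that
# connection that flow in the opposite direction back out through vlan2
# and its router instead of following the default route on vlan1.
block in on $ext2_if
pass in quick on $ext2_if reply-to ($ext2_if $ext2_gw) \
    inet proto tcp from any to $ext2_ip port 22 flags S/SA keep state
```

The ruleset can be parsed without loading it using `pfctl -nf` followed by the file name.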