On 10/9/19 12:57 PM, Matthew Grooms wrote:
On 10/9/2019 2:50 PM, Julian Elischer wrote:
On 10/9/19 2:34 AM, Julien Cigar wrote:
On Tue, Oct 08, 2019 at 01:05:37PM -0700, Julian Elischer wrote:
On 10/8/19 8:58 AM, Julien Cigar wrote:
On Tue, Oct 08, 2019 at 10:20:34AM -0500, Matthew Grooms wrote:
Hi Julien,
Hi Matthew,
It's not clear why you are trying to assign multiple carp IP addresses to two different interfaces from within the same IP subnet. Are you trying to fail over a 2nd carp address or are you trying to improve throughput/redundancy? If you just want to fail over a 2nd carp address, assign a 2nd alias to your first interface. If you're trying to improve throughput/redundancy, assign both interfaces to a lagg and build your carp interfaces on top of that instead.
Currently outbound traffic from $net1 and $net2 (two private networks) passes through the same network interface (igb0) (as you can see in (1) in my previous post) on the router. I'd like to prevent $net2 from saturating the interface and slowing down traffic from $net1 (which is more important). I could lagg and build CARP on top of that but it wouldn't prevent $net2 from saturating the interface (unless I plug in ALTQ of course, which I'd like to avoid).
-Matthew
On 10/8/2019 8:48 AM, Julien Cigar wrote:
Hello,
I'd like to NAT outbound traffic from two different private networks through two different interfaces, with CARP on top. I have 4 public IPs available (193.x.x.89, 193.x.x.90, 193.x.x.91, 193.x.x.92).
I have two redundant router/firewalls running FreeBSD 12 with CARP and PF with the following: (1) which works well, but all traffic goes through the same interface.
So I'd like to switch to something like (2), which will not work (lines 5 and 13 are not valid) and I'm wondering if I could use something like (3) ..?
Thank you!
Julien
(1)
https://gist.github.com/silenius/4f6173a9b6690292c2174ab3bb89d292
(2)
https://gist.github.com/silenius/da9be7e74e9861fa55f927d194e3e410
(3)
https://gist.github.com/silenius/b237565b0d181248ff80ea296e5537db
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscr...@freebsd.org"
can you draw it?
yes, see https://ibb.co/mv5RPM9
so, you have several ways of doing this:
one is to assign a different routing table to each class of traffic. Each table has a different default route, sending data out to a different external interface. Each interface out is NAT'd so that the return packets will come back the same way.
How do you classify the traffic based on the source address when using multiple route tables?
use ipfw to set the fib number based on some bits in the address of the internal machine.
e.g. ipfw setfib 1 tcp from (some internal pattern) to (the outside) in recv (internal interface) keep_state
There are several ways to do this.. this is just one... The above will assign a dynamic rule for all packets between the two machines and the table in question will always be used for that tuple.
But you only have a single pipe to the internet, so one wonders how that helps with redundancy?
I asked a similar question. I believe he mentioned that he was trying to get around the 1Gbit limit of each interface. WRT redundancy, he probably means the use of a backup firewall, carp and probably pfsync.
-Matthew
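As an added example (not from the thread or any of its participants), the following POSIX sh script prints the FreeBSD 12 commands that implement Julian's suggestion: one FIB per internal network, each with its own default route out a different external interface, the FIB chosen by an ipfw setfib rule on the source prefix, and pf NAT on the egress interface so replies come back the same way. The internal prefixes, interface names and the assumption that each external link has its own next-hop gateway are mine; the public addresses are placeholders written in the thread's 193.x.x.N form.

```shell
#!/bin/sh
# Added example: generate per-FIB policy routing + NAT for FreeBSD 12.
# Constructed policy table, one line per internal network:
#   fib  internal_prefix  internal_if  external_if  nat_ip      gateway
POLICY='0 10.1.0.0/24 igb2 igb0 193.x.x.89 193.x.x.1
1 10.2.0.0/24 igb3 igb1 193.x.x.91 193.x.x.2'

# Number of FIBs the kernel must provide (net.fibs in /boot/loader.conf).
fib_count() { echo "$POLICY" | wc -l | tr -d ' '; }

# Default route for a FIB; FIB 0 is the normal table, others use setfib(1).
route_cmd() {                     # $1=fib  $2=gateway
    if [ "$1" -eq 0 ]; then echo "route add default $2"
    else echo "setfib $1 route add default $2"; fi
}

# ipfw rule tagging the flow with its FIB as it enters the internal
# interface; keep-state makes the dynamic rule apply to the whole
# connection, so replies are routed from the same table.
ipfw_cmd() {                      # $1=rule#  $2=fib  $3=prefix  $4=int_if
    echo "ipfw add $1 setfib $2 ip from $3 to any in recv $4 keep-state"
}

# pf.conf NAT line: each internal network leaves its own external
# interface with its own public address, so return traffic lands there.
pf_nat() {                        # $1=prefix  $2=ext_if  $3=nat_ip
    echo "nat on $2 from $1 to any -> $3"
}

# Emit the full configuration: loader tunable, then route/ipfw/pf per net.
emit_config() {
    echo "# /boot/loader.conf: net.fibs=$(fib_count)"
    rule=100
    echo "$POLICY" | while read fib prefix int_if ext_if nat_ip gw; do
        route_cmd "$fib" "$gw"
        ipfw_cmd "$rule" "$fib" "$prefix" "$int_if"
        pf_nat "$prefix" "$ext_if" "$nat_ip"
        rule=$((rule + 100))
    done
}

emit_config
```

The ipfw lines go into the firewall ruleset and the nat lines into pf.conf; the script only prints them, it changes nothing on the host.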