Tonix (Antonio Nati) wrote:
I'd like to know if these features are available in FreeBSD 8.0.
* advanced routing (I miss the possibility to define routes based on sender IPs)
* carpdev

Yes to both, if you enable pf. The advanced routing I think you're asking about is generally described as 'policy based routing' -- look for the documentation on the 'route-to' keyword in pf rulesets:

http://openbsd.org/faq/pf/pools.html#outgoing

If you implement CARP on a firewall pair, then you will need a carp0 pseudo interface -- this can be created and configured in /etc/rc.conf like so:

    cloned_interfaces="carp0"
    ifconfig_carp0="vhid 100 pass ~not~telling~you~ 192.0.2.1/24"

FreeBSD-8.0 now also has the capability of using a per-application routing table, so you can change the routes for (say) apache or squid independently of what applies for the rest of the system. See setfib(1) for more information, plus recent examples of implementing this in RC scripts on the ports mailing list.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
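
An added example, not part of the message above: a pf.conf fragment showing the kind of 'route-to' rule the reply points to, sending traffic from one block of sender addresses out through a second uplink while everything else follows the normal routing table. The interface names, gateway address and networks are assumptions (documentation address ranges), and only the routing rules are shown, to be merged into an existing filter policy.

```conf
# Constructed example: all names and addresses below are assumptions.
int_if  = "em0"               # LAN-facing interface
ext_if2 = "em2"               # second uplink
ext_gw2 = "203.0.113.1"       # next hop on the second uplink
lan_net = "192.0.2.0/24"      # whole LAN
alt_src = "192.0.2.128/25"    # senders that must leave via the second uplink

# Ordinary LAN traffic: routed by the kernel routing table as usual.
pass in on $int_if from $lan_net to any keep state

# Policy routing by sender address: pf evaluates rules top to bottom and
# the last match wins, so packets from $alt_src bound for anything outside
# the LAN are handed to $ext_gw2 on $ext_if2 instead of the default route.
# The "! $lan_net" destination keeps LAN-to-LAN traffic off the uplink.
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
    from $alt_src to ! $lan_net keep state
```

The ruleset can be syntax-checked without loading it using pfctl -nf /etc/pf.conf.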