Re: Features in 8.0?

Fri, 06 Nov 2009 01:31:00 -0800 

Matthew Seaman ha scritto:

Tonix (Antonio Nati) wrote:

I'd like to know if these features are available in FreeBSD 8.0.

   * advanced routing  (I miss the possibility to define routes based
     on sender IPs)
   * carpdev
Yes to both, if you enable pf. The advanced routing I think you're asking about is generally described as 'policy based routing' -- look for the documentation on the 'route-to' keyword in pf rulesets: 

 http://openbsd.org/faq/pf/pools.html#outgoing

If you implement CARP on a firewall pair, then you will need a carp0
pseudo interface -- this can be created and configured in /etc/rc.conf like 
so:

  cloned_interfaces="carp0"

  ifconfig_carp0="vhid 100 pass ~not~telling~you~ 192.0.2.1/24"
FreeBSD-8.0 now also has the capability of using a per-application routing table, so you can change the routes for (say) apache or squid independently 
of what applies for the rest of the system.  See setfib(1) for more
information, plus recent examples of implementing this in RC scripts on
the ports mailing list.


As far as I read, it is no to both.
About routes, if I type a "route" command I will not be able these routes. I hope to add a route with a command like "route add --from 192.168.16.0/24 ....", and I hope I can see all the routes in the system with the "route" command, without need to have two separate commands to merge. About carpdev, I already know carp is implemented, but up to now the OpenSBD carpdev, which let a virtual IP to bind an interface, is not implemented. The FreeBSD way forces to have one "fixed" ip for each interface on which we need a virtual IP. Impossible for complex networks. 

Thanks,

Tonino



    Cheers,

    Matthew




--
------------------------------------------------------------
in...@zioni Interazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it ------------------------------------------------------------ 

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to