setfib+pf

Julian Elischer julian at elischer.org
Tue Jan 13 09:59:05 PST 2009


Dimitar Vasilev wrote:
> Hi, I originally posted my message to questions, however no response for
> about a week. Therefore I'm reposting here. Original question available at
> http://lists.freebsd.org/pipermail/freebsd-questions/2009-January/190056.html
> For those who prefer reading human text, here are my questions:
> 
> I'd like to ask on the best options for using setfib and pf in a non-BGP
> environment. I will run 2 uplinks, with VLANs for internal networks and want
> to fail over external links if one of them fails. (Extended note as of 13.01:
> Uplink routers will be a WRT54GL with OpenWRT and an Alix box hopefully.
> VLAN tagging also possible there. Alix will be the controlling router
> station for failover).
> 
> Currently pf supports to the best of my knowledge:
> 
> a) rtable - this means I can create the routing tables with setfib and then
> use pass from .... rtable N (N >1 <16) or give out directly network ranges


      ( 0 <= N < 16 )  i.e. 0 through 15  (for now)

> b) route-to - pass in/out on X from ... route-to
> c) packet tagging - I can tag networks and use standalone or through routing
> tags. Anyone aware if it is OK to use /etc/gateways without running routed
> or how can I label routes alternatively? If I apply the same for
> /etc/networks or both /etc/gateways and networks will it be OK?
> 
> pass in from any to $big_salad via $fridge keep state for example?
> 
> d) pass in from route N(192.168.1.1 for example) to... - saw this on
> http://www.mail-archive.com/pf@benzedrine.cx/msg07220.html and requires BGP
> to make tags speak anything but network numbers.

> e) use the VLAN IDs
> 
> I'd much appreciate if someone thinks with me for the best options of using
> the setfib features along with pf.

I know setfib but I don't know pf, unfortunately. I use ipfw
(which is why ipfw has fib support :-)

Possibly Max Laier may know both.


> 
> Thanks and regards,
> Dimitar Vassilev
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"


