Web Server supporting up to 4 WANs/Interfaces
Milan Obuch
freebsd-net at dino.sk
Fri Dec 17 07:21:46 UTC 2010
On Friday 17 December 2010 07:32:49 Jayster wrote:
[ fine comments on our OS trimmed ]
> Now the issue. Without too much detail, my device has 4 GigE ports on it.
> Each will be attached to a routed network. There is NO routing required
> between networks inside the box (not a router or firewall) and in fact, it
> CANNOT be allowed to happen because of security. Instead, each WAN port
> needs access to this box, but nothing beyond. The access consists of a Web
> Server, though several other Ports are required, such as SNMP Traps,
> Syslog, etc. Getting to the box is easy, routers do all the work. The
> issue is getting traffic back through the same interface it came in on and
> through the same router gateway. As we all know, only 1 gateway can be
> assigned in FreeBSD, unlike other flavors of Linux. Even the ones who
> don't offer single line gateway support can use IPTables to accomplish
> this task. But IPTables is not supported in FreeBSD. Not a bad thing as
> long as comparable solutions exist.
>
From this short description it looks like you are using standard internet
apps. The question is whether you need one instance of the web server to serve
requests from all four ports (or, in better words IMHO, four networks if they
should not communicate here on the box) or you could use four separate
instances. For the former you can use PF (I tested something similar with two
networks in the past), while for the latter either multiple fibs or a vimage
solution is available.
[ snip ]
> I have tried both PF and IPFW. Different posts around the web claim
> Multiple Gateway solutions using both of them. I have tried each of the
> recommended setups, but had no luck. If you read the last responses to
> each of those posts, others also state they could not duplicate what is
> claimed, as well. PF looks the most promising. It has "if-bound", which is
> supposed to keep interface traffic on the same interface. That is a good
> first step. But pointing it to the gateway on that interface is still an
> issue. Please HELP!!! I haven't slept in days and I've been stuck for a
> week now!!! This is our last showstopper.
>
There are some guides on the net - but you should be able to find the basics in
'man pf.conf' - look for route-to and reply-to. I am not going to give you
more details now, sorry - writing just what I remember now could be misleading,
I have probably forgotten some details, but the manual page has all the basic
info necessary. This way you could do some 'source routing policy', which could
be a solution to your problem.
Hope this helps a bit, at least.
Regards,
Milan
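
A sketch of how the reply-to approach pointed to above could look in pf.conf for the four-port box, added here as an example and not part of the original message. The interface names (em0 to em3), gateway addresses and web ports are assumptions.

```conf
# Constructed example: interface names, gateway addresses and ports are
# assumptions. The host itself must not forward packets between networks:
# leave gateway_enable unset in rc.conf (net.inet.ip.forwarding=0).

if1 = "em0"
gw1 = "10.0.1.1"
if2 = "em1"
gw2 = "10.0.2.1"
if3 = "em2"
gw3 = "10.0.3.1"
if4 = "em3"
gw4 = "10.0.4.1"
web = "{ 80, 443 }"

# Bind each state to the interface it was created on.
set state-policy if-bound
set skip on lo0

# Default deny. Traffic the box originates itself (SNMP traps, syslog)
# needs its own pass out rules, which are not shown here.
block all

# Clients on the directly attached subnet are answered on-link,
# so these rules carry no reply-to.
pass in quick on $if1 inet proto tcp from ($if1:network) to ($if1) port $web keep state
pass in quick on $if2 inet proto tcp from ($if2:network) to ($if2) port $web keep state
pass in quick on $if3 inet proto tcp from ($if3:network) to ($if3) port $web keep state
pass in quick on $if4 inet proto tcp from ($if4:network) to ($if4) port $web keep state

# Routed clients: replies leave through the interface and gateway the
# request arrived on, regardless of the single default route.
pass in quick on $if1 reply-to ($if1 $gw1) inet proto tcp from any to ($if1) port $web keep state
pass in quick on $if2 reply-to ($if2 $gw2) inet proto tcp from any to ($if2) port $web keep state
pass in quick on $if3 reply-to ($if3 $gw3) inet proto tcp from any to ($if3) port $web keep state
pass in quick on $if4 reply-to ($if4 $gw4) inet proto tcp from any to ($if4) port $web keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.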