Server with multiple public IP

Dominic Froud dom at talk2dom.com
Mon Apr 28 09:16:31 UTC 2014


On 28/04/2014 09:58, Andrea Venturoli wrote:
> I've got a server which has two (or more) interfaces with public IPs.
>
> Let's say, as an example (with fictional IPs):
> ifconfig_vlan1="inet 1.0.0.2 netmask 255.255.255.248..."
> ifconfig_vlan2="inet 2.0.0.2 netmask 255.255.255.248..."
>
> Of course, I can only have a default route, let's say 1.0.0.1.
> This is fine for outgoing traffic and for incoming connections on vlan1.
> However, when someone from the outside connects to 2.0.0.2, reply 
> packets still go out through 1.0.0.1 (on vlan1), but they should go 
> through vlan2 to 2.0.0.1

You want source-based routing.

I have this situation and I used pf(4) to do it with a rule like:

pass out quick route-to ( vlan2 ) from 2.0.0.0/29 to any no state

As a variation you can give an optional next-hop address if you have a 
static router for that vlan, e.g. if your router is 2.0.0.1:

pass out quick route-to ( vlan2 2.0.0.1 ) from 2.0.0.0/29 to any no state

Also, you can run pf and ipfw at the same time!

Hope this helps,

Dominic
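
Added example, not part of the original message or of pf: a simplified Python model of the egress decision discussed in this thread, showing replies from 2.0.0.2 leaving via vlan1 under destination-only routing and via vlan2 once the source-based rule matches. The client address 203.0.113.10 and the names INTERFACES, POLICY, egress and is_asymmetric are assumptions made for the illustration; state handling ("no state") is not modelled.

```python
import ipaddress

# Constructed from the fictional addresses used in the thread.
INTERFACES = {
    "vlan1": ipaddress.ip_interface("1.0.0.2/29"),
    "vlan2": ipaddress.ip_interface("2.0.0.2/29"),
}
DEFAULT_ROUTE = ("vlan1", "1.0.0.1")

# Model of:
#   pass out quick route-to ( vlan2 2.0.0.1 ) from 2.0.0.0/29 to any no state
POLICY = [(ipaddress.ip_network("2.0.0.0/29"), "vlan2", "2.0.0.1")]


def egress(src, dst, policy=()):
    """Return (interface, next_hop) chosen for an outbound packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Source-based rules are checked first; "quick" means first match wins.
    for net, ifname, gateway in policy:
        if src_ip in net:
            return ifname, gateway
    # Without a matching rule only the destination matters:
    # directly connected subnets first, then the single default route.
    for ifname, iface in INTERFACES.items():
        if dst_ip in iface.network:
            return ifname, str(dst_ip)
    return DEFAULT_ROUTE


def is_asymmetric(src, dst, policy=()):
    """True if the packet leaves through an interface whose subnet
    does not contain its source address (the problem in the question)."""
    ifname, _ = egress(src, dst, policy)
    return ipaddress.ip_address(src) not in INTERFACES[ifname].network


if __name__ == "__main__":
    client = "203.0.113.10"  # constructed outside client
    for label, policy in (("default route only", ()), ("with route-to", POLICY)):
        for src in ("1.0.0.2", "2.0.0.2"):
            ifname, gateway = egress(src, client, policy)
            flag = "ASYMMETRIC" if is_asymmetric(src, client, policy) else "ok"
            print(f"{label:20} src={src} -> {ifname} via {gateway} [{flag}]")
```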


