Server with multiple public IP
ml at netfence.it
Wed May 14 10:26:11 UTC 2014
On 04/28/14 11:16, Dominic Froud wrote:
> On 28/04/2014 09:58, Andrea Venturoli wrote:
>> I've got a server which has two (or more) interfaces with public IPs.
>> Let's say, as an example (with fictional IPs):
>> ifconfig_vlan1="inet 184.108.40.206 netmask 255.255.255.248..."
>> ifconfig_vlan2="inet 220.127.116.11 netmask 255.255.255.248..."
>> Of course, I can only have a default route, let's say 18.104.22.168.
>> This is fine for outgoing traffic and for incoming connections on vlan1.
>> However, when someone from the outside connects to 22.214.171.124, reply
>> packets still go out through 126.96.36.199 (on vlan1), but they should go
>> through vlan2 to 188.8.131.52.
> You want source-based routing.
> I have this situation and I used pf(4) to do it with a rule like:
> pass out quick route-to ( vlan2 ) from 184.108.40.206/29 to any no state
> As a variation you can give an optional next-hop address if you have a
> static router for that vlan, e.g. if your router is 220.127.116.11:
> pass out quick route-to ( vlan2 18.104.22.168 ) from 22.214.171.124/29 to any no state
> Also, you can run pf and ipfw at the same time!
> Hope this helps,
I ended up using this solution... so far so good (and so easy).
Thanks a lot.
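
The source-based routing rule from the quoted reply, set in a small pf.conf fragment with self-consistent addresses. This is an added example, not part of the original thread or anyone's real configuration. The interface name vlan2 comes from the thread; the subnet and gateway are constructed from RFC 5737 documentation ranges, and the stateful reply-to rule and the on-link exclusion go beyond what the thread used.

```conf
# pf.conf fragment: added example with constructed addresses
# (RFC 5737 documentation ranges), not the poster's real configuration.

if2  = "vlan2"               # second public interface, name from the thread
net2 = "198.51.100.0/29"     # constructed: subnet configured on vlan2
gw2  = "198.51.100.1"        # assumed: upstream router reachable on vlan2

# Inbound connections to vlan2's addresses: keep state and pin the replies
# to the interface and gateway the connection arrived on, whatever the
# default route says.
pass in quick on $if2 reply-to ( $if2 $gw2 ) from ! $net2 to $net2 keep state

# Traffic the server itself originates from a vlan2 address: the stateless
# rule from the thread, with the on-link subnet excluded so that neighbours
# in the same /29 are still reached directly rather than via the gateway.
pass out quick route-to ( $if2 $gw2 ) from $net2 to ! $net2 no state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it. Once it is loaded, running `tcpdump -ni vlan2` while connecting from outside shows whether replies now leave on vlan2.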
More information about the freebsd-net