dual gateways

Nikos Vassiliadis nvass9573 at gmx.com
Sun May 31 22:45:34 UTC 2009 

Tim Judd wrote:
> 
> 
> On Sun, May 31, 2009 at 3:55 PM, Nikos Vassiliadis <nvass9573 at gmx.com 
> <mailto:nvass9573 at gmx.com>> wrote:
> 
>     Tim Judd wrote:
> 
>         I know it is not typical, but here's my setup.
> 
>         I have a private IP scope (/24 block) split up.  2 /25's
> 
>         I have a box that has dual NICs.  One is on the low /25 and one
>         is on the
>         high /25.  The high /25 is only used for jails and his gateway is a
>         soekris/alix board that will function.  I can't find out how to
>         get the high
>         /25 to assign an additional gateway that's directed toward the
>         soekris/alix
>         SBC.
> 
> 
>         Any tips or advice on how I can setup the high netblock to get
>         it to route
>         successfully to the SBC?
> 
> 
>     Something like:
>     [internet-IP router 10.0.0.1/25]
>                                 |
>                                 |
>     [10.0.0.129/25 FreeBSD 10.0.0.2/25]
>        |
>        |
>     [10.0.0.130/25 router internet-IP]
> 
>     Is this your setup?
>     OK, I am confused:) Could you please explain?
> 
> 
> 
> 
> internet
>   router1 (192.168.0.1/25)
>     (192.168.0.2/25) router2 (192.168.0.129/25) 
>       [192.168.0.5/25] Box with problems [192.168.0.130]
> 
> All my jails on this box is on the top half, and i want the jails to go 
> through the 192.168.0.129/25 gateway (which in 
> turn goes through 0.1, but it's a matter of separating off hostile 
> computers in my lab that i work on ppls computers with.
> 
> 
> Does this help?

Yes, you want to use 192.168.0.2 as your default route and
192.168.0.129 as the default route for traffic originating
from the jails 192.168.0.130/25. You can use a firewall to
do such things, all three "FreeBSD" firewalls have this ca-
pability. ipfw has the fwd action and pf has the route-to
option to change the next hop to whatever the administrator
desires. Check the manual of your favorite firewall.

There is an other option, setfib. You could compile a kernel
with multiple routing tables support and start the jails in
the second routing table which would have 192.168.0.129 as
the default router.

HTH, Nikos

More information about the freebsd-questions mailing list