Asymmetric routing with FreeBSD on Amazon EC2 within VPC

krad kraduk at gmail.com
Wed May 20 07:36:41 UTC 2015


Oh, and don't run pf if you are going to try vnet jails, as the two don't play
at present.

On 20 May 2015 at 08:35, krad <kraduk at gmail.com> wrote:

> Your best bet is probably to run 2 vnet jails, one for each IP. Annoying to
> have to have the extra maintenance and resource overhead, I know, but it's
> not a bad thing security-wise.
>
> On 20 May 2015 at 04:56, Adrian Chadd <adrian at freebsd.org> wrote:
>
>> Hi,
>>
>> So the "freebsd clean" solution would be to create two listen sockets,
>> one per IP address, and have each IP address / routing table in a
>> separate FIB, or separate vnet.
>>
>> I don't know if anyone has set that up though. It would be nice to
>> teach some web servers and proxy servers about FreeBSD FIBs.
>>
>>
>>
>> -adrian
>>
>>
>> On 19 May 2015 at 12:22, Patrick Gibson <gibblertron at gmail.com> wrote:
>> > I'm wondering if anyone has managed to figure out a way to have an
>> > Amazon EC2 instance behind a VPC work with multiple public IP
>> > addresses? The issue is with asymmetric routing. It's been resolved in
>> > the Linux world
>> > (http://blog.bluemalkin.net/multiple-ips-and-enis-on-ec2-in-a-vpc/),
>> > but I can't seem to get it working under FreeBSD. Using the setfib
>> > command, I'm able to manually go out through either interface, but for
>> > incoming packets to a webserver that listens to both interfaces, no
>> > dice. :(
>> >
>> > Patrick
>> > _______________________________________________
>> > freebsd-questions at freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>
>
>
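
The approach Adrian Chadd describes in the quoted reply (one listen socket per IP address, each in its own FIB) can be sketched with FreeBSD's SO_SETFIB socket option. This is an added example, not code from the thread. The addresses 10.0.0.10 and 10.0.1.10, port 8080 and FIB numbers 0 and 1 are constructed values, and it assumes the kernel was booted with more than one FIB (net.fibs) and that each FIB already holds the default route for its interface.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open a listener on ip:port whose traffic is routed by routing table `fib`.
 * Returns the socket descriptor, or -1 on any failure. */
int listen_in_fib(const char *ip, unsigned short port, int fib)
{
    struct sockaddr_in sa;
    int on = 1;
    int s = socket(AF_INET, SOCK_STREAM, 0);

    if (s < 0)
        return -1;
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
#ifdef SO_SETFIB
    /* FreeBSD: select the FIB before bind()/listen(). */
    if (setsockopt(s, SOL_SOCKET, SO_SETFIB, &fib, sizeof(fib)) < 0)
        goto fail;
#else
    /* No SO_SETFIB on this OS: only the default table (0) is possible. */
    if (fib != 0)
        goto fail;
#endif
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 ||
        bind(s, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(s, 128) < 0)
        goto fail;
    return s;
fail:
    close(s);
    return -1;
}

int main(void)
{
    /* Constructed values: one private address per ENI, FIB 0 and FIB 1. */
    int a = listen_in_fib("10.0.0.10", 8080, 0);
    int b = listen_in_fib("10.0.1.10", 8080, 1);
    printf("fib 0 listener: %d, fib 1 listener: %d\n", a, b);
    return (a < 0 || b < 0);
}
```

A server would then accept() on both descriptors, for example from a single poll() loop.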

