Features in 8.0?

Tonix (Antonio Nati) tonix at interazioni.it
Fri Nov 6 09:29:47 UTC 2009 

Matthew Seaman ha scritto:
> Tonix (Antonio Nati) wrote:
>> I'd like to know if these features are available in FreeBSD 8.0.
>>
>>    * advanced routing  (I miss the possibility to define routes based
>>      on sender IPs)
>>    * carpdev
>
> Yes to both, if you enable pf.  The advanced routing I think you're 
> asking
> about is generally described as 'policy based routing' -- look for the 
> documentation on the 'route-to' keyword in pf rulesets:
>
>  http://openbsd.org/faq/pf/pools.html#outgoing
>
> If you implement CARP on a firewall pair, then you will need a carp0
> pseudo interface -- this can be created and configured in /etc/rc.conf 
> like
> so:
>
>   cloned_interfaces="carp0"
>
>   ifconfig_carp0="vhid 100 pass ~not~telling~you~ 192.0.2.1/24"
>
> FreeBSD-8.0 now also has the capability of using a per-application 
> routing
> table, so you can change the routes for (say) apache or squid 
> independently
> of what applies for the rest of the system.  See setfib(1) for more
> information, plus recent examples of implementing this in RC scripts on
> the ports mailing list.
>
As far as I read, it is no to both.

About routes, if I type a "route" command I will not be able these 
routes. I hope to add a route with a command like "route add --from 
192.168.16.0/24 ....", and I hope I can see all the routes in the system 
with the "route" command, without need to have two separate commands to 
merge.
About carpdev, I already know carp is implemented, but up to now the 
OpenSBD carpdev, which let a virtual IP to bind an interface, is not 
implemented. The FreeBSD way forces to have one "fixed" ip for each 
interface on which we need a virtual IP. Impossible for complex networks.

Thanks,

Tonino


>     Cheers,
>
>     Matthew
>


-- 
------------------------------------------------------------
        Inter at zioni            Interazioni di Antonio Nati 
   http://www.interazioni.it      tonix at interazioni.it           
------------------------------------------------------------

More information about the freebsd-stable mailing list