Re: Julian's netowrking challenge 2005

• Previous message: Andrew White: "Re: Julian's netowrking challenge 2005"
• In reply to: Jeremie Le Hen: "Re: Julian's netowrking challenge 2005"
• Next in thread: Julian Elischer: "Re: Julian's netowrking challenge 2005"
• Reply: Julian Elischer: "Re: Julian's netowrking challenge 2005"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 28 Jun 2005 13:34:47 -0400
To: Jeremie Le Hen <jeremie@le-hen.org>

Jeremie Le Hen wrote:
[ ... ]
> PS: I'm seeing more and more requests about routing limitations in
> FreeBSD everyday, such as lack of multiple routing tables support, lack
> of source routing (as well as higher level protocol based routing).
> Are there actually some projects that are being worked on to overcome
> this ?

Sure. You can use IPFW to forward packets out via any interface you please,
based on any of the matching critera that IPFW's rulesets permit. You can also
run BGP/EGP sessions, OSPF, or other advanced routing protocols via routing
daemons like zebra/quagga/gated/whatever in the ports collection.

[ Most people don't understand Internet routing very well, they don't
understand subnetting or supernetting, they don't understand CIDR, and they
encounter problems which arise because they don't know how to set up a network
topology which is appropriate for the actual task they want to perform. ]

For the current problem, if you've got two servers which offer services to the
Internet, and have public IPs assigned to them, putting these boxes behind NAT
is causing problems because the topology doesn't match what the machines are
actually doing. Set up what E. Zwicky calls a "screened subnet architecture"
by moving these boxes into a seperate DMZ subnet, set up a local route for the
rest of the clients on the firewall which indicate that these boxes can be
reached via fxp0 rather than fxp1, so that traffic from the clients on the LAN
stays local rather than going out through one T1 and back in via the other.

-- 
-Chuck
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Andrew White: "Re: Julian's netowrking challenge 2005"
• In reply to: Jeremie Le Hen: "Re: Julian's netowrking challenge 2005"
• Next in thread: Julian Elischer: "Re: Julian's netowrking challenge 2005"
• Reply: Julian Elischer: "Re: Julian's netowrking challenge 2005"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Routing Problem ... Subject: Routing Problem ... each with a different subnet. ... it should use the second default gateway. ... > routers configured on multiple interfaces connected to two or more ... (freebsd-questions) Re: MultiHomed Workstation - Which NIC is being used? ... Regardless of which interface received ... the same routing rules apply for return traffic. ... >> the subnet mask. ... >> load balancing of multiple NICs and default gateways. ... (microsoft.public.win2000.networking) Re: Could an ICMP Redirect have disconnected my server? ... yes - but you seem to have a strange network ... does a routing table entry from an ICMP Redirect time out? ... systems with the same subnet number. ... (comp.os.linux.networking) Re: VPN connection works, lan access fails ... "real" routing going on because they are all in the same IP subnet. ... the LAN to pick up replies for the remotes. ... through the VPN server. ... (microsoft.public.win2000.ras_routing) Re: please advise - problem with routing ... > Sorry for the confusion, again, ther is cisco router which connects ... > "Dana Brash" wrote in message ... >> This configuration can be accomplished by changing the subnet mask on ... >> routing anything and just using a different subnet mask, ... (microsoft.public.windows.server.networking)