Features in 8.0?

by tonix (Antonio Nati)

I'd like to know if these features are available in FreeBSD 8.0.

    * advanced routing  (I miss the possibility to define routes based
      on sender IPs)
    * carpdev

Thanks,

Tonino

--
------------------------------------------------------------
        Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it      tonix@...          
------------------------------------------------------------

_______________________________________________
freebsd-stable@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@..."

Re: Features in 8.0?

by Matthew Seaman-2

Tonix (Antonio Nati) wrote:
> I'd like to know if these features are available in FreeBSD 8.0.
>
>    * advanced routing  (I miss the possibility to define routes based
>      on sender IPs)
>    * carpdev

Yes to both, if you enable pf.  The advanced routing I think you're asking
about is generally described as 'policy based routing' -- look for the
documentation on the 'route-to' keyword in pf rulesets:

  http://openbsd.org/faq/pf/pools.html#outgoing

If you implement CARP on a firewall pair, then you will need a carp0
pseudo interface -- this can be created and configured in /etc/rc.conf like
so:

   cloned_interfaces="carp0"

   ifconfig_carp0="vhid 100 pass ~not~telling~you~ 192.0.2.1/24"

FreeBSD-8.0 now also has the capability of using a per-application routing
table, so you can change the routes for (say) apache or squid independently
of what applies for the rest of the system.  See setfib(1) for more
information, plus recent examples of implementing this in RC scripts on
the ports mailing list.

        Cheers,

        Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
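
Added example, not part of Matthew Seaman's message or of the FreeBSD/OpenBSD documentation: a pf.conf fragment showing the source-based `route-to` policy routing the reply points to. The interface names, the gateway address and the two-uplink layout are assumptions; 192.168.16.0/24 is the sender network mentioned in this thread.

```conf
# pf.conf fragment (constructed example; names and addresses are assumptions)
int_if   = "em0"              # LAN-facing interface
ext_if1  = "em1"              # default uplink (kernel default route)
ext_if2  = "em2"              # second uplink
ext_gw2  = "198.51.100.1"     # next hop on the second uplink
alt_net  = "192.168.16.0/24"  # senders to steer out via ext_if2

# Translation rules come before filter rules in this pf generation.
# NAT on the second uplink so replies return on the same path.
nat on $ext_if2 from $alt_net to any -> ($ext_if2)

# Traffic addressed to the firewall itself is not policy-routed.
pass in quick on $int_if from $alt_net to $int_if keep state

# Source-based routing: everything else from alt_net leaves via ext_if2,
# whatever the kernel routing table says.
pass in on $int_if route-to ($ext_if2 $ext_gw2) from $alt_net to any keep state

# Packets carrying ext_if2's address that the routing table sent towards
# ext_if1 are pushed back out of the correct uplink.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 from any to any keep state
```

Paths set this way live in the ruleset rather than the kernel routing table, so they are listed by `pfctl -s rules` and not by `netstat -rn`. Review both when auditing which uplink a given source network actually uses.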




Re: Features in 8.0?

by tonix (Antonio Nati)

Matthew Seaman wrote:

> Tonix (Antonio Nati) wrote:
>> I'd like to know if these features are available in FreeBSD 8.0.
>>
>>    * advanced routing  (I miss the possibility to define routes based
>>      on sender IPs)
>>    * carpdev
>
> Yes to both, if you enable pf.  The advanced routing I think you're asking
> about is generally described as 'policy based routing' -- look for the
> documentation on the 'route-to' keyword in pf rulesets:
>
>  http://openbsd.org/faq/pf/pools.html#outgoing
>
> If you implement CARP on a firewall pair, then you will need a carp0
> pseudo interface -- this can be created and configured in /etc/rc.conf like
> so:
>
>   cloned_interfaces="carp0"
>
>   ifconfig_carp0="vhid 100 pass ~not~telling~you~ 192.0.2.1/24"
>
> FreeBSD-8.0 now also has the capability of using a per-application routing
> table, so you can change the routes for (say) apache or squid independently
> of what applies for the rest of the system.  See setfib(1) for more
> information, plus recent examples of implementing this in RC scripts on
> the ports mailing list.
>
As far as I read, it is no to both.

About routes, if I type a "route" command I will not be able to see these
routes. I hope to add a route with a command like "route add --from
192.168.16.0/24 ....", and I hope I can see all the routes in the system
with the "route" command, without the need to have two separate commands to
merge.

About carpdev, I already know carp is implemented, but up to now the
OpenBSD carpdev, which lets a virtual IP bind to an interface, is not
implemented. The FreeBSD way forces us to have one "fixed" IP for each
interface on which we need a virtual IP. Impossible for complex networks.

Thanks,

Tonino


>     Cheers,
>
>     Matthew
>


--
------------------------------------------------------------
        Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it      tonix@...          
------------------------------------------------------------