Server with multiple public IP
Andrea Venturoli
ml at netfence.it
Mon Apr 28 08:59:04 UTC 2014
Hello.
This has probably come up several times, however...
I've got a server which has two (or more) interfaces with public IPs.
Let's say, as an example (with fictional IPs):
ifconfig_vlan1="inet 1.0.0.2 netmask 255.255.255.248..."
ifconfig_vlan2="inet 2.0.0.2 netmask 255.255.255.248..."
Of course, I can only have a default route, let's say 1.0.0.1.
This is fine for outgoing traffic and for incoming connections on vlan1.
However, when someone from the outside connects to 2.0.0.2, reply
packets still go out through 1.0.0.1 (on vlan1), but they should go
through vlan2 to 2.0.0.1.
The only way I found so far to achieve this, is through ipfw:
ipfw add 30 fwd 2.0.0.1 tcp from 2.0.0.2 to not 2.0.0.0/29 out
This more or less works, but it will break ipfw firewalling (since after
that rule matches, "the search terminates"). Besides, I don't feel this
is a very clean solution.
So I wonder: do other ways exist to achieve this? Any best practice?
I thought natd might help, but found no reference to this functionality
in its docs...
Does any other program exist which I can "divert" packets to, which
would modify and reinject them as natd does?
Another thing I thought of would be combining two firewalls (ipfw +
pf/ipf), letting one do the filtering and leaving the above problem to
the other.
I'm not sure how hard this would be, however, so if a simple solution
exists...
Any hint appreciated.
bye & Thanks
av.
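The ordering caveat raised in the post (once a fwd rule matches, the ipfw search terminates and later filtering rules never see the packet), as a constructed Python model added here; it is not ipfw itself nor code from the post, and the blocked network, rule numbers and the omission of the tcp/out qualifiers are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical mini-model of ipfw's first-match rule walk, written to show
# the ordering problem with "fwd": once a rule matches, the search stops,
# so filtering rules numbered after the fwd rule never see the packet.
# Protocol ("tcp") and direction ("out") from the original rule are omitted.

@dataclass
class Rule:
    number: int
    action: str               # "deny", "allow" or "fwd <nexthop>"
    src: str                  # host or CIDR; "0.0.0.0/0" means any
    dst: str
    negate_dst: bool = False  # models "to not <net>"

def matches(rule, src_ip, dst_ip):
    in_src = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src, strict=False)
    in_dst = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst, strict=False)
    return in_src and (not in_dst if rule.negate_dst else in_dst)

def evaluate(rules, src_ip, dst_ip):
    """Walk rules in number order; the first match decides the packet's fate."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, src_ip, dst_ip):
            return rule.action
    return "deny"  # ipfw's built-in rule 65535 in the stock configuration

ANY = "0.0.0.0/0"
BLOCKED = "203.0.113.0/24"   # constructed: a destination the site wants to block

# Ruleset 1: the fwd rule from the post at 30, filtering numbered after it.
FWD_FIRST = [
    Rule(30, "fwd 2.0.0.1", "2.0.0.2", "2.0.0.0/29", negate_dst=True),
    Rule(100, "deny", ANY, BLOCKED),
    Rule(200, "allow", ANY, ANY),
]

# Ruleset 2: the same rules, but the deny numbered before the fwd rule.
FILTER_FIRST = [
    Rule(30, "deny", ANY, BLOCKED),
    Rule(100, "fwd 2.0.0.1", "2.0.0.2", "2.0.0.0/29", negate_dst=True),
    Rule(200, "allow", ANY, ANY),
]

if __name__ == "__main__":
    for name, rs in (("fwd first", FWD_FIRST), ("filter first", FILTER_FIRST)):
        print(name, "- reply to blocked net:", evaluate(rs, "2.0.0.2", "203.0.113.9"))
        print(name, "- reply to ordinary host:", evaluate(rs, "2.0.0.2", "198.51.100.7"))
```

With the fwd rule first, a reply from 2.0.0.2 to the blocked network is forwarded and the deny at rule 100 never fires; numbering the filtering rules below the fwd rule keeps both the policy route and the filter effective.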