Questions about PF + Multiple gateways + CARP on a public ip network
kevin
k at kevinkevin.com
Tue Feb 15 18:50:51 UTC 2011
Hello,
I have a generally simplistic question about a potential scenario for a
FreeBSD PF with multiple gateways/routes.
The backend network would not consist of local or private ip addresses -
every device will have a public IP. There will be about 7 public subnets
that will be handled by the freebsd PF gateway.
What would be the ideal configuration for this scenario? Would I need to
configure all 7 subnets as persistent routes in rc.conf, and then have a nat
directive in pf for each subnet as well? I realize this question is
simplistic in nature, but I have only used pf in a public -> private network
scenario.
My concerns are just maintaining this moving forward. As I grow and add more
public subnets, I want to keep managing and maintaining the configuration
easy, if possible.
So in rc.conf :
static_routes="net1 net2 net3 net4 net5 net6 net7"
route_net1="-net b.b.b.b/a.a.a.a.a"
route_net2="-net c.c.c.c/a.a.a.a.a"
route_net3="-net d.d.d.d/a.a.a.a.a"
route_net4="-net e.e.e.e/a.a.a.a.a"
route_net5="-net f.f.f.f/a.a.a.a.a"
route_net6="-net g.g.g.g/a.a.a.a.a"
route_net7="-net h.h.h.h/a.a.a.a.a"
"a.a.a.a" would be the gateway for one of the 7 subnets. Each subnet should
have its own gateway that this FreeBSD router can route to from inside >
outside. Should the FreeBSD gateway have a gateway IP for each subnet
itself?
Taking my scenario at face value - what would be the best way to configure the
PF / Gateway? Keeping in mind that all IPs are going to be public IPs.
If more information is required, please let me know. This is FreeBSD
8.0-RELEASE i386.
Thanks!
More information about the freebsd-pf mailing list