From: "Craig - AUS.SHop"
Date: Tue, 19 Jul 2005 17:50:03 +1000
Subject: RE: Multiple subnets

Hi Brad,

I am new to freebsd-pf; however, my decision to use it was based on exactly your predicament.
After a bit of head scratching and Googling, I now have a 5.4 box with 4 interfaces (2 x WAN + 2 x LAN).

My WANs are PPPoE and my LANs are both public IP blocks (a /29 and a /27). I have a second firewall on one of the IPs which does NAT for another private LAN.

My pf ruleset allows unrestricted traffic across the LANs, which is important since you don't want to be "talking" across the two WANs when the boxes are all in the same room.

Filtering is done on inbound on the two WANs (tun0 and tun1 in my case). I use the reply-to feature on these pass rules to ensure that replies go out the same interface that the request came from.

Outbound traffic from each subnet is directed out the appropriate WAN by passing in on the LAN interfaces with the route-to feature directing to the appropriate WAN interface.

Happy to give you some examples if you want them.

I don't know about doing it all on one WAN interface, but if your provider is happy to route both subnets over the one endpoint, then I can't see that it would be an issue. I wanted the additional bandwidth rather than the extra IPs, so it was important for me to keep the WAN interfaces separate.

Good luck
Craig

-----Original Message-----
From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Brad Bendy
Sent: Tuesday, 19 July 2005 7:41 AM
To: freebsd-pf@freebsd.org
Subject: Multiple subnets

Hello-

I am wondering how I would go about having multiple WAN subnets coming over one ethernet interface, basically bridge mode I guess, then have firewall rulesets based on the destination IP. Right now I use m0n0wall with one WAN subnet, but I need to expand to have multiple CIDR blocks from my provider. I know there has to be a way to do this, but not sure how. Any help/links would be great!

Thanks
Brad
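
The dual-WAN layout described in the reply above, sketched as a pf.conf fragment. This is an added example, not a ruleset posted in the thread; the LAN interface names, the gateway and subnet addresses (documentation ranges) and the SSH service are assumptions.

```pf
# Added example. Only tun0/tun1 come from the post; every other name,
# address and port below is a constructed placeholder.
wan1_if  = "tun0"             # PPPoE link 1
wan2_if  = "tun1"             # PPPoE link 2
lan1_if  = "fxp0"             # assumed NIC name
lan2_if  = "fxp1"             # assumed NIC name
wan1_gw  = "203.0.113.1"      # placeholder PPPoE peer address for tun0
wan2_gw  = "203.0.113.129"    # placeholder PPPoE peer address for tun1
lan1_net = "192.0.2.0/29"     # placeholder for the routed /29
lan2_net = "198.51.100.0/27"  # placeholder for the routed /27

# Default: drop and log unsolicited traffic arriving on either WAN.
block in log on { $wan1_if, $wan2_if } all

# LAN-to-LAN traffic passes unrestricted and stays on the box. "quick"
# ends evaluation before the route-to rules below can match.
pass in quick on $lan1_if from $lan1_net to $lan2_net keep state
pass in quick on $lan2_if from $lan2_net to $lan1_net keep state

# Outbound: each subnet is forced out its own WAN, whatever the
# default route says.
pass in on $lan1_if route-to ($wan1_if $wan1_gw) from $lan1_net to any keep state
pass in on $lan2_if route-to ($wan2_if $wan2_gw) from $lan2_net to any keep state
pass out on $wan1_if from $lan1_net to any keep state
pass out on $wan2_if from $lan2_net to any keep state

# Inbound: only the services meant to be reachable, with reply-to so the
# answer leaves through the WAN the request arrived on.
pass in on $wan1_if reply-to ($wan1_if $wan1_gw) inet proto tcp \
    from any to $lan1_net port 22 flags S/SA keep state
pass in on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto tcp \
    from any to $lan2_net port 22 flags S/SA keep state
```

Parsing the file with `pfctl -nf` checks the syntax without loading the rules.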