From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 19:24:24 2006
Date: Mon, 24 Jul 2006 20:24:19 +0100
From: Brian Candler <b.candler@pobox.com>
To: Marko Zec
Cc: freebsd-net@freebsd.org, Brett Glass
Subject: Re: Multiple NAT router
Message-ID: <20060724192419.GA5474@uk.tiscali.com>
In-Reply-To: <200607241609.30783.zec@icir.org>
References: <7.0.1.0.2.20060721105813.0971ae90@lariat.net> <20060724090909.GB3412@uk.tiscali.com> <200607241609.30783.zec@icir.org>
List-Id: Networking and TCP/IP with FreeBSD

On Mon, Jul 24, 2006 at 04:09:29PM +0200, Marko Zec wrote:
> > There's a project called 'vimage' which adds a separate virtual
> > forwarding table per jail. This might work for you, although all the
> > natd's "outside" interfaces would need to sit on the same interface,
> > and I don't know if it can do that.
>
> Yes, this should work with a virtualized stack - all the "outside"
> interfaces in each jail / virtual stack could be simply bridged
> together using netgraph, which is virtualization-agnostic, i.e. a
> global facility in the current implementation of "vimage".
>
> Of course a significant problem might be that the stack virtualization
> patches exist only for FreeBSD 4.x, but there's a very good chance
> that a formal project aimed at bringing vimage into sync with 6.x and
> -CURRENT could start shortly...

Also, what would really suit him is a netgraph IP interface node - i.e.
something which takes raw ethernet frames from the interface, performs IP
encapsulation/decapsulation and ARP - and an IP forwarding node with its own
forwarding table. Has anyone done any work in that area? It would be really
cool for VPN edge routing, for example.

Regards,

Brian.