From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 20:40:15 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE72316A4DE for ; Mon, 24 Jul 2006 20:40:15 +0000 (UTC) (envelope-from julian@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E3D843D46 for ; Mon, 24 Jul 2006 20:40:15 +0000 (GMT) (envelope-from julian@elischer.org) Received: from unknown (HELO [10.251.18.229]) ([10.251.18.229]) by a50.ironport.com with ESMTP; 24 Jul 2006 13:40:15 -0700 Message-ID: <44C5302D.1020807@elischer.org> Date: Mon, 24 Jul 2006 13:40:13 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Brian Candler References: <7.0.1.0.2.20060721105813.0971ae90@lariat.net> <20060724090909.GB3412@uk.tiscali.com> <200607241609.30783.zec@icir.org> <20060724192419.GA5474@uk.tiscali.com> In-Reply-To: <20060724192419.GA5474@uk.tiscali.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, Marko Zec , Brett Glass Subject: Re: Multiple NAT router X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Jul 2006 20:40:15 -0000 Brian Candler wrote: >On Mon, Jul 24, 2006 at 04:09:29PM +0200, Marko Zec wrote: > > >>>There's a project called 'vimage' which adds a separate virtual forwarding >>>table per jail. This might work for you, although all the natd's "outside" >>>interfaces would need to sit on the same interface, and I don't know if it >>>can do that. >>> >>> >>Yes this should work with a virtualized stack - all the "outsied" interfaces >>in each jail / virtual stack could be simply bridged together using netgraph >>which is virtualization-agnostic, i.e. a global facility in the current >>implementation of "vimage". >> >>Of course a significant problem might be that the stack virtualization patches >>exist only for FreeBSD 4.x, but there's a very good chance that a formal >>project aimed at bringing vimage into sync with 6.x and -CURRENT could start >>shortly... >> >> > >Also, what would really suit him is a netgraph IP interface node - i.e. >something which takes raw ethernet frames from the interface, performs IP >encapsulation/decapsulation and ARP - and an IP forwarding node with its own >forwarding table. Has anyone done any work in that area? It would be really >cool for VPN edge routing, for example. > > an ng_ip node :-) I've considerred it. >Regards, > >Brian. >_______________________________________________ >freebsd-net@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > >