From: Jon Radel
Date: Mon, 20 Jun 2011 21:36:17 -0400
To: freebsd-questions@freebsd.org
Subject: Re: Two Networks on one System
Message-ID: <4DFFF591.6090801@radel.com>
In-Reply-To: <4DFFE6B9.2020107@dichotomia.fr>

On 6/20/11 8:32 PM, Jerome Herman wrote:

>> pass in on nic_a reply-to ($nic_a $gw_a)
>> pass in on nic_b reply-to ($nic_b $gw_b)

> From what I understand, there are two different ISPs providing access to
> two different interfaces. In this case I am very concerned with all the
> bizarre things that a reply-to might trigger.
> What I mean is that nothing guarantees that a distant address will
> access the box from the same interface every time.

Who cares? The interfaces have different addresses so any traffic that belongs together will go to only one interface. It's not like machines out there will alternate packets to two different destination IP addresses. They might alternate "connections," for a very broad definition of "connections," but that shouldn't present a problem.

As for the rest, I think you're going waaaaaayyyyy beyond what the OP described as his problem:

Set up two interfaces with different addresses which make use of different gateways as the addresses belong on different networks. Allow traffic to go to one address on one network until DNS glue records are changed and traffic starts going to a second address on a second network.

I would suspect that he has stateful firewalls and/or anti-spoofing rules upstream from him that keep him from replying to everything out a single interface. If it weren't for that, I suspect we wouldn't be having this discussion.

--Jon Radel
jon@radel.com
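
The two reply-to rules quoted in this message, placed in a complete pf.conf for the setup described (two addresses on two networks, each with its own gateway). This is an added example, not part of the original e-mail or thread; the interface names, addresses (documentation ranges) and gateways are constructed placeholders, and the route-to rules for locally originated traffic are an assumption that goes beyond the two quoted lines.

```conf
# Constructed placeholders: substitute the real interfaces, addresses and gateways.
if_a   = "em0"
addr_a = "192.0.2.10"
gw_a   = "192.0.2.1"

if_b   = "em1"
addr_b = "198.51.100.10"
gw_b   = "198.51.100.1"

set skip on lo0

# Default policy: drop unsolicited inbound traffic, allow outbound statefully.
block in log all
pass out keep state

# Inbound on network A: the state created here remembers reply-to, so every
# reply leaves through if_a via gw_a, whatever the default route says.
pass in on $if_a reply-to ($if_a $gw_a) inet from any to $addr_a keep state

# Inbound on network B: replies go back out if_b via gw_b. Without this, a
# reply sourced from addr_b would follow the default route out if_a, where an
# upstream anti-spoofing filter or stateful firewall is likely to drop it.
pass in on $if_b reply-to ($if_b $gw_b) inet from any to $addr_b keep state

# Assumption beyond the quoted rules: traffic the host itself originates from
# one address but which the routing table sends out the other interface is
# steered to the gateway that matches its source address.
pass out on $if_a route-to ($if_b $gw_b) inet from $addr_b to any keep state
pass out on $if_b route-to ($if_a $gw_a) inet from $addr_a to any keep state
```

The ruleset can be syntax-checked without loading it by running `pfctl -nf` on the file.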