Date:      Mon, 24 Jul 2006 20:24:19 +0100
From:      Brian Candler <B.Candler@pobox.com>
To:        Marko Zec <zec@icir.org>
Cc:        freebsd-net@freebsd.org, Brett Glass <brett@lariat.net>
Subject:   Re: Multiple NAT router
Message-ID:  <20060724192419.GA5474@uk.tiscali.com>
In-Reply-To: <200607241609.30783.zec@icir.org>
References:  <7.0.1.0.2.20060721105813.0971ae90@lariat.net> <20060724090909.GB3412@uk.tiscali.com> <200607241609.30783.zec@icir.org>

On Mon, Jul 24, 2006 at 04:09:29PM +0200, Marko Zec wrote:
> > There's a project called 'vimage' which adds a separate virtual forwarding
> > table per jail. This might work for you, although all the natd's "outside"
> > interfaces would need to sit on the same interface, and I don't know if it
> > can do that.
> 
> Yes, this should work with a virtualized stack - all the "outside" interfaces 
> in each jail / virtual stack could be simply bridged together using netgraph 
> which is virtualization-agnostic, i.e. a global facility in the current 
> implementation of "vimage".
> 
> Of course a significant problem might be that the stack virtualization patches 
> exist only for FreeBSD 4.x, but there's a very good chance that a formal 
> project aimed at bringing vimage into sync with 6.x and -CURRENT could start 
> shortly...

Also, what would really suit him is a netgraph IP interface node - i.e.
something which takes raw ethernet frames from the interface, performs IP
encapsulation/decapsulation and ARP - and an IP forwarding node with its own
forwarding table. Has anyone done any work in that area? It would be really
cool for VPN edge routing, for example.

Regards,

Brian.


