From owner-freebsd-pf@FreeBSD.ORG Fri Jun 19 13:01:53 2015 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 28E6967A for ; Fri, 19 Jun 2015 13:01:53 +0000 (UTC) (envelope-from kajetan.staszkiewicz@innogames.com) Received: from emea01-db3-obe.outbound.protection.outlook.com (mail-db3on0098.outbound.protection.outlook.com [157.55.234.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "MSIT Machine Auth CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A51D52C1 for ; Fri, 19 Jun 2015 13:01:51 +0000 (UTC) (envelope-from kajetan.staszkiewicz@innogames.com) Authentication-Results: freebsd.org; dkim=none (message not signed) header.d=none; Received: from energia.localnet (2a00:1f78:fffb:320:6af7:28ff:fe68:c1f6) by AM3PR03MB1250.eurprd03.prod.outlook.com (10.163.185.12) with Microsoft SMTP Server (TLS) id 15.1.195.15; Fri, 19 Jun 2015 13:01:43 +0000 From: Kajetan Staszkiewicz To: Subject: Re: adding an additional block & gateway Date: Fri, 19 Jun 2015 15:01:36 +0200 Message-ID: <1704069.kZvlBVo68Y@energia> Organization: InnoGames GmbH User-Agent: KMail/4.14.1 (Linux/3.19.0-trunk-amd64; KDE/4.14.2; x86_64; ; ) In-Reply-To: <55839619.8000603@mantis.biz> References: <55839619.8000603@mantis.biz> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart9199065.CFbrja4Pd6"; micalg=pgp-sha1; protocol="application/pgp-signature" X-Originating-IP: [2a00:1f78:fffb:320:6af7:28ff:fe68:c1f6] X-ClientProxiedBy: DB5PR06CA0021.eurprd06.prod.outlook.com (25.162.165.31) To AM3PR03MB1250.eurprd03.prod.outlook.com (25.163.185.12) X-Microsoft-Exchange-Diagnostics: 1; AM3PR03MB1250; 2:Qznja6WfdAtBIzJLSUJwn2HjCzyAJ0MqfJ9BtNvBe6zfg0ikge6ZleC+Jl77kV3h; 3:C/o81PERoOJFG5ms226kphFOZnrkDEAhBPxF2W2kYXU8Jrg+eTuYFUJ/5+y0JL3esuRWYJeSWyDtm5sk8meyumhrS41gKfsUpZOGzB/TF5V7h4RA7IfULqOMuM51y7Yx+LblSsF7ydaZssR88a3l0A==; 20:voFMTyCHs4NmGMAVD4aQ79WWc3GB5UrxUkPl20WK9mD4Xp3A99vcYcwhxBWJ1FuhA8rXs7AjArbl5FUh3AVQ+D/Vf6TesnhkG7K3JFwoGbi/AEOtUVXPpD+3B5YyGlDG3viMTpGkivl1MxqKE8JcqBPC+x8xjXnrb8ksxJY8eb7hi+l4FPHjN415DZ/fOMPINS3gwAN2uGMW8ttPTPgDw0CEhGJF34oko1qdEyTFm/upMJWOaH6pbYNt2ymnsTsSiBWerOvow4WN0PHDQJI0cByOfkmxA7jmnY1YekTDuwTVuWVSmoGkyeBo7JdwhNVwC7WDrokPGFXUgSEo+agFYIByratoOFUs2E9gHY069uXPUbsX1WovTqj9/m/h4RSs8VP1ORFQHIncb9SXwsmdXuFcDcSQBNMZIsaheOLPsV0=; 4:WUaSxh8RB8uDaXJBGE9tXwhXo31Va4pnJUTnVYq1boSfBHRZTZcAxo8jloc02axZTO3ArKRLY/NKjtKh1NyooEuDrDslsAvco74i2lR+mUKT7bqpKc84ffg0SS9eO6PmhElIFnmlHllPJm98iwRIp5j8mKcH7slTw4LNi37MzOgBY5PcrINB8DZ/0v5IenE1IwG+3t73tsVZmCGqYiLDdbonAKB81nQElC+f4fYLKhV3+UwO4jQX9f0t6Eq6fmLziRzxAV5Y+0mneYrelwjXHhVN32c3cRFE/80h7e9jUU0= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM3PR03MB1250; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005006)(3002001); SRVR:AM3PR03MB1250; BCL:0; PCL:0; RULEID:; SRVR:AM3PR03MB1250; X-Forefront-PRVS: 0612E553B4 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(51704005)(19580395003)(74482002)(46102003)(84326002)(2950100001)(77096005)(4001350100001)(33716001)(2351001)(512874002)(122386002)(50986999)(76176999)(54356999)(92566002)(83506001)(110136002)(42186005)(77156002)(62966003)(5001960100002)(40100003)(572594003)(87976001)(189998001)(3826002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM3PR03MB1250; H:energia.localnet; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; AM3PR03MB1250; 23:1iDk80KNwTOljKqvAtEdSW0B2i2BzJG9ObUUbLxLAc81h7DieoO5uaJ4QdW+qhIzSvp7pFfP8TIOj96lUQzssFDRNPK1T6FGR0UKW//NhVoM1B59Z7DBavV/NUcb0Om+WgD+ir3mDuVPeOCL10/FCJ8sg1dsP5PmBCQgb6MwsTVsLIHUussRaxpqMTZjnb2czMR6EY9l52GaU2/Gi6uaGaq6tht+/PXTXgtPJSH0mad2bK4OjkxlD/ofwpn6Tnnm5kQ47m/lw0sP/y4ghlmJ9tWP2O1qvJKPKv6kf1Wzt3DMPgzz/jRfvfChhp2rJGNCNCnS1KQyCxk+o4U2gmpdmTxbJEBVZg4LYL4HgWQdh9pIprRuoANIND6WPZB25BkcfDdK6xV0aYD2px3gBVx5Ww/ZwlPwrwsROgFzaWiB9aAKHx1xo2AvHle6zpSGurPvChWf4Ib8xwGAsd2HdEWRhp8GMR09Q6BqeOB3klec0VZC5KFqlbGF4ee8WjZeDFftqvoIem4+K2uzokUXtPKlQx+jeXX5CLVCdrWtCX9fhEE2xV5huiONtbM04jmsfpR4UP7QEhWnicxq7AKYSRuE/2g+KE+J6w5dYF0MwWr0VfcvTBrQHLAf0Cbaj/Fmva1smdvzE0Q7BnD78mijZBiL465GFAS7Wm9lMig/mRiCNkxovDNSOvPg46BTh/a6Ymi+bETcq6Iwt3LeVj99IKdUIV7ahFIkb538mEA9VzAm/z72HSw79/jLm6LG6CqaCyf0MwKjcP7Ohf8BxYvLwCsZvaLfu6Pzb4Nbo6WFCArlMe4=; 5:wDqR4C9IRRhjH82ov3QzwUMVfrHbMLNqGeCg+51kK6oDZwJh7VjWF8yMmnAKb1QvIyQX1ICulK9491UfwxDrUqx3xL+jHOt5exy64N4j63J5d1cmfHwefH/d8MfML3h5u+ZF5i0BTYQIacDRHDNYXg== X-Microsoft-Exchange-Diagnostics: 1; AM3PR03MB1250; 24:ubKpylyOKl2/B2NA6n+BIyq4KnU95rHRsRyM+slYyMwV8HVYCcZGh9UV8uSkfQvG1CbgFE1yVCPwsNH0atZqE/AbqEvcaSLI+PnzFiFMQm8=; 20:lpi7LNYAROfEspsLc1jHJLC91hgGQ+ZeMqTlZgP+Blx69UMssfnhMK70uWYnypwvmGzMp+Bxm9FaAh8oO3rNJQ== X-OriginatorOrg: innogames.de X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Jun 2015 13:01:43.6877 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM3PR03MB1250 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Jun 2015 13:01:53 -0000 --nextPart9199065.CFbrja4Pd6 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Dnia pi=C4=85tek, 19 czerwca 2015 00:10:01 Chuck @ Mantis pisze: > I'm currently using FreeBSD and PF as a gateway and firewall in front= of > a handful of web servers. >=20 > External: > defaultrouter=3D"79.112.227.33" > ifconfig_bge0=3D"inet 79.112.227.34 netmask 255.255.255.224" >=20 > I've asked the datacenter for an additional block and received: >=20 > Gateway : 60.34.75.209 > IP block : 60.34.75.208/28 > Subnet : 255.255.255.240 >=20 >=20 > Since the gateways are different, I'm assuming I need to use PF or BS= D > to somehow direct (route?) traffic which came via the new block out > through the new gateway? Are both subnets on-link or done by real routing? Of on-link and if bot= h are=20 on the same router and vlan from your provider, then it is going to wor= k fine=20 while using only one gateway. =2D-=20 Kajetan Staszkiewicz System Administrator Mobile: +49 151 4674 6636 InnoGames GmbH Friesenstra=C3=9Fe 13 - 20097 Hamburg - Germany Tel +49 40 7889335-0 Fax +49 40 7889335-22 Managing Directors: Hendrik Klindworth, Eike Klindworth, Michael Zillme= r VAT-ID: DE264068907 Amtsgericht Hamburg, HRB 108973 --nextPart9199065.CFbrja4Pd6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEABECAAYFAlWEErMACgkQ47RQr217OhTE3QCcDzD5nJGCEi7NpiUd8LQt1589 u0EAoNAGcDUp9qvJ8PCGqWfWtDoYIT82 =kgm1 -----END PGP SIGNATURE----- --nextPart9199065.CFbrja4Pd6--