Date: Tue, 15 Feb 2011 13:27:22 -0500
From: "kevin" <k@kevinkevin.com>
To: <freebsd-pf@freebsd.org>
Subject: Questions about PF + Multiple gateways + CARP on a public ip network
Message-ID: <00a401cbcd3d$fe313d10$fa93b730$@com>

Hello,

I have a generally simplistic question about a potential scenario for a FreeBSD PF with multiple gateways/routes.

The backend network would not consist of local or private IP addresses - every device will have a public IP. There will be about 7 public subnets that will be handled by the FreeBSD PF gateway.

What would be the ideal configuration for this scenario? Would I need to configure all 7 subnets as persistent routes in rc.conf, and then have a nat directive in pf for each subnet as well?

I realize this question is simplistic in nature, but I have only used pf in a public -> private network scenario. My concerns are just maintaining this moving forward. As I grow and add more public subnets, I want to keep managing and maintaining the configuration easy, if possible.

So in rc.conf:

static_routes="net1 net2 net3 net4 net5 net6 net7"
route_net1="-net b.b.b.b/a.a.a.a.a"
route_net2="-net c.c.c.c/a.a.a.a.a"
route_net3="-net d.d.d.d/a.a.a.a.a"
route_net4="-net e.e.e.e/a.a.a.a.a"
route_net5="-net f.f.f.f/a.a.a.a.a"
route_net6="-net g.g.g.g/a.a.a.a.a"
route_net7="-net h.h.h.h/a.a.a.a.a"

"a.a.a.a" would be the gateway for one of the 7 subnets. Each subnet should have its own gateway that this FreeBSD router can route to from inside > outside. Should the FreeBSD gateway have a gateway IP for each subnet itself?

Taking my scenario at face value - what would be the best way to configure the PF / Gateway? Keeping in mind that all IPs are going to be public IPs.

If more information is required, please let me know. This is FreeBSD 8.0-RELEASE i386.

Thanks!