From: "Dimitar Vasilev"
To: "freebsd-questions@freebsd.org"
Date: Wed, 7 Jan 2009 08:05:44 +0200
Subject: setfib+pf

Hello,

I'd like to ask about the best options for using setfib and pf in a non-BGP environment. I will run 2 uplinks, with VLANs for internal networks, and want to fail over external links if one of them fails.

Currently pf supports, to the best of my knowledge:

a) rtable - this means I can create the routing tables with setfib and then use pass from .... rtable N (N >1 <16) or give out network ranges directly

b) route-to - pass in/out on X from ... route-to

c) packet tagging - I can tag networks and use them standalone or through routing tags. Is anyone aware if it is OK to use /etc/gateways without running routed, or how I can label routes alternatively?

d) pass in from route N (192.168.1.1 for example) to... - saw this on http://www.mail-archive.com/pf@benzedrine.cx/msg07220.html and it requires BGP to make tags speak anything but network numbers.

e) use the VLAN IDs

I'd much appreciate it if someone thinks with me about the best options for using the setfib features along with pf.

Thanks!

Best regards,
Dimitar Vassilev