Feature #1113
closed
WAN Interfaces with the same Gateway
0%
Description
if someone has two Cablemodems from the same provider and get via DHCP different IP-Adresses, but the same gateway, then the static routing goes wrong.
The typical solution is to NAT one of the Lines with a small router. I think it would be an idea, do build this small Router direct on the pfsense in a BSD-Jail what performs only the NAT, so that we didn't have two static routes in the system routing table. I would build this, but my BSD knowledge is nearly zero. Perhaps it can be a package.
Falk
Updated by Chris Buechler over 13 years ago
- Status changed from New to Rejected
duplicate of #228. please look at the open features before opening one.
Updated by Falk Nisius over 13 years ago
excuse, but my proposal is not the duplicate of the problem, what is part of the system, it is a way for the solution, that can be a feature.
The BSD-Jail get the control over one of the WAN-Ports, Creates a TUN Interface, makes a NAT between. And the TUN Interface becomes the official gateway. Logging, configuring can performed at the same box, can be included in the pfsense Interface, not on an small external router.
Falk
Updated by Chris Buechler over 13 years ago
that's not a viable solution for the same reasons it doesn't work without having a jail, and it's extremely ugly. it'll require a kernel-based solution without jails.
Updated by Falk Nisius over 13 years ago
Yes You are right its ugly, but a small router with a 9V DC power supply beside is much uglier. I thought, that in FreeBSD 8, with the VIMAGE Project (http://imunes.tel.fer.hr/virtnet/ the page is offline in the moment) it would be possible to have different routing tables in each jail. I found at a first view: http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto.
Falk
Updated by Falk Nisius over 13 years ago
excuse my investigation, its only for my understanding. if I wish to send an ip-packet from my box to an ip-adress, i make routing decision on layer 3 with the help of my routing table and perhaps with a pf rule to choose the right interface. Regardless of the decision the kernel know on which interface the packet has to be send. After that some code has to find the corresponding layer 2 address for target ip, in our case a mac address for the ethernet port. If each interface managed this by its own, than i couldn't see any problem. if this is centraliced without an binding on a interface, than I understand the problem, and I think disabling of arp-caching is not a solution.
Falk
Updated by Chris Buechler over 13 years ago
There's one ARP table for the entire system regardless of how many NICs or jails or routing tables you have, and that association goes to one NIC only (which can arbitrarily change even, where multiple NICs have the same IP subnet on them), that's the main chunk of the issue. It's impossible to do on a single FreeBSD system at this point with any solution.
Updated by Falk Nisius over 13 years ago
ok, but couldn't be an arp-proxy the solution of the problem ?
Falk