IPv6 Part 1: Configuring Static IPv6 On FreeBSD

Networking | Aug 13, 2011

Welcome to part one of my multipart series on IPv6. In this post I’ll cover how to configure a FreeBSD host to use a static IPv6 address. The host used runs FreeBSD 8.2, but it should be applicable to just about any version of FreeBSD with IPv6 support.

Source Based Routing With FreeBSD Using Multiple Routing Tables

Networking | Jun 21, 2011

Something has been bugging me for several years now. In that time I have usually had access to multiple WAN connections, owing to my participation in the telecom industry. However, I've never been able to get SSHD to behave the way I wanted it to. I wanted to be able to connect to the SSH daemon on my (FreeBSD) router from whichever WAN connection I wanted. Unfortunately, SSHD is stubborn about always routing its response to the default gateway of the router, which breaks an SSH connection coming in from the secondary WAN connection.

I have finally, at long last, found the solution.

Adventures In Packet Filter

Networking | Jan 29, 2010

Or: How I learned to stop worrying and love my dual-WAN pf firewall, with a routed subnet and policy-based routing

One of the reasons I continue to use FreeBSD for my gateway/router/firewall is the pf firewall. My routing needs are far more elaborate than anything a pre-cooked router package like DD-WRT or even pfSense can do, so I have to roll my own firewall. Currently I have two DSL connections, through two different companies. I have a dynamic IP connection from my employer, Primus Canada, and I have a static IP connection with a routed /30 subnet from TekSavvy.

My setup needs to satisfy the following requirements:

  • The Primus connection is used for all local LAN traffic
  • The TekSavvy connection is used for all traffic to and from the routed subnet
  • Connections from the local LAN to the routed subnet do not traverse the internet
  • Traffic shaping on both connections, with different rulesets for each connection
  • UPnP support, using miniupnpd

For the connection for the LAN, the traffic shaping needs to do the following:

  1. SSH and DNS traffic need high priority
  2. Traffic to and from my workplace VPN needs priority
  3. VoIP traffic needs high priority
  4. HTTP and regular web traffic should feel fast and responsive
  5. Anything left over goes to P2P and other uncategorized traffic

For the connection with the routed subnet, the requirements are a little different:

  1. SSH and DNS need high priority
  2. Inbound FTP control traffic (i.e., just the control connection, not the actual data) needs priority
  3. Traffic originating from the routed subnet needs priority (this mostly amounts to DNS requests and package updates)
  4. FTP data traffic fills in whatever is left over

This is all possible with pf, and I find the pf.conf format far more readable, and thus less error-prone, than an iptables config file. To accomplish this I use packet tagging to label packets, and then use policy-based routing to direct and control the traffic.


FreeBSD and Multilink PPP

Networking | Jan 19, 2010

I’ve been running Multilink PPP with FreeBSD for several years now. Multilink PPP (sometimes called MLPPP) is a subset of the PPP protocol that allows you to bond multiple PPP tunnels and treat them as one much larger tunnel. Several DSL providers (particularly TekSavvy in Canada) support Multilink PPP on their DSL networks, allowing users to bond multiple DSL lines into one large pipe.

The technical details of Multilink PPP are pretty simple, though it can be configured in either a packet splitting or round robin fashion. When configured for packet splitting, a router that is about to transmit a packet down an MLPPP link will first split the packet in half, then add a 6KB MLPPP header (really just a sequence number) to each half of the packet, and send the half-packets down each link. On the other end of the MLPPP link, the receiving router will take the two halves (identified by the matching MLPPP headers) and reconstitute the original packet. In round robin mode the MLPPP header is added to the whole packet (meaning the MTU of the link is 6KB smaller or else packet fragmentation will occur) and sent out the links in a round robin fashion.

In FreeBSD it's easy to set up just about any Multilink PPP configuration you want. I've run it with three DSL lines (total usable throughput: 15 megabits). Presently I'm running over one DSL line but with two PPPoE tunnels, first multiplexed at the DSL frame level and then bonded at the PPP level. The purpose of this is to circumvent Bell Canada's throttling, which they apply both to their own residential customers and to their third-party wholesale partners, like TekSavvy.
