|
FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
FreeBSD on Rasperi/Bananna-Pi for router?
So I'm about to purchase a Rasberry/Bananna Pi device to upgrade some features in my network routing. The thing is I'm concerned because there is only one NIC [Gigabit]. I was thinking either pump traffic in and back out [assigning 2 ip's to that one nic] of or just make a virtual nic for traffic routing and point inward/outward traffic to its destination...
The Pi device is then plugged into the switch and wa-la. Ok so my traffic peaks at about 10-12MB/s at the WAN side, my question is which setup would most likely give me the best performance [basically no reduction] for routing traffic? I'll be running pf, and wifi for an AP. I think the quad core arm with that Gb-nic is plenty of power, I'm just curious about the software setup being the bottle neck. It may not even put a dent in it but I thought I would get some opinions. If you have a totally different idea I'm up for hearing it. Any hits would be greatly appreciated Ghost |
|
||||
Hello, and welcome!
I don't know anything about the various Raspberry products, but if the models have both a wired NIC and a wireless NIC, they can act as routers between a wired subnet and a WiFi subnet. If you want to route wired Ethernet, then a single NIC does not a router make, unless you implement a vlan(4) based infrastructure, and route via individual VLANs. VLAN - IEEE 802.1Q - requires a central backbone device called, quite subtly, a managed switch. Unless your switch is in this class, you'll need to use a computer with at least two NICs. Managed switches come with administration and provisioning tools, so you would know if yours was in this class. |
|
|||
Thank you,
I'm new to this raspi thing, but I'm a Linux Desktop user and primarily FreeBSD for serving little LAN projects. On this topic maybe I'm missing something, I looked up aliases and understand that an alias requires a different subnet which is perfect, as well as giving me a second network interface listing in ifconfig. So what is not allowing me to route from rl0 (Pub-IP)--->rl0_alias (10.0.0.1)? example WORLD--->MODEM--->SWITCH--->rl0 [RasPi] Public IP --->rl0_alias (10.0.0.1) --->switch Ex idea for Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 10.0.0.1 UGS 0 49378 xl0 127.0.0.1 127.0.0.1 UH 0 6 lo0 10.0.0/24 link#1 UC 0 0 xl0 192.168.1/24 link#2 UC 0 0 xl0_alias If there is something fundamentally disallowing packets to be passed through the alias, I could understand, I just thought a situation similar to this might work. If not I can always use a USB NIC, I was just going for efficiency. |
|
||||
Quote:
Quote:
All an alias address will do is cause the NIC to respond to any Address Resolution Protocol ("ARP") query broadcast for that IP address on the local Ethernet segment. Quote:
In your post, you show a topology where two subnets share the same physical Ethernet segment, from the Modem (your ISP gateway router) to every device. There is no isolation between subnets -- they all share the same Ethernet network. If you're planning to use this new device as a firewall, with set policies to enforce, your device and its policies can be bypassed merely by someone changing a device's IP address from one subnet to the other -- from an address on the 10.0.0.0/24 "inner" subnet to an address on the 192.168.1/24 "outer" subnet. That's all it takes to bypass your device. The VLAN technology I mentioned in my post above is quite different -- untagged (standard Ethernet) ports assigned to unique VLANs on the switch are on separate Ethernet segments. Traffic is physically isolated. |
|
||||
I'm returning to this thread because there was a discussion a couple of years ago in this forum regarding multiple subnets on the same Ethernet segment. http://daemonforums.org/showthread.php?t=8528
Man page links within are broken -- every reference now refers to chmod(2), which is unhelpful, but if you ignore those references, the rest of the discussion may be helpful. Last edited by jggimi; 9th May 2016 at 11:57 PM. Reason: typo |
Tags |
bananna pi, firewall, freebsd, pf, rasberry pi |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Cable modem + router + FreeBSD | Beastie | FreeBSD General | 2 | 24th June 2009 07:58 AM |
FreeBSD as firewall/router on VMware ESXi | Bruco | FreeBSD General | 12 | 6th December 2008 08:37 PM |
Decision for FreeBSD router | bichumo | General software and network | 3 | 3rd July 2008 07:33 PM |
Where to go for specific freebsd router problems? | borngeniusat1974 | FreeBSD General | 3 | 19th June 2008 11:21 PM |
Router - recommendations for FreeBSD? | ClaptonOrient | FreeBSD General | 17 | 12th June 2008 06:12 PM |