I wish it were. This is all traffic except for local traffic. Any
explanation for why the ex4200 doesn't have the except keyword?
On Mar 20, 2009, at 6:55 PM, Nilesh Khambal wrote:
Are you using proxy just for http and https? If so, then can you be
specific in the filters with protocol and ports? You can add a
default accept at the end of the filter to accept all other traffic
that does not match http or https. Traffic accepted by default
accept will get routed using inet.0 routing table.
This way you don't have to use "except" in filter terms.
Thanks,
Nilesh
Cord MacLeod wrote:
That would be great, and I thought of it just after I sent the
email. There's one big thing I'm missing though... except.
From an m7:
Possible completions:
<[Enter]> Execute this command
except Match address not in this prefix
From an ex4200:
<[Enter]> Execute this command
In other words, all of my traffic would hit this proxy and it
would break routing between the vlans if I use policy based
routing and can't use except.
On Mar 20, 2009, at 6:37 PM, Nilesh Khambal wrote:
Can you try policy based routing using input firewall filter on
EX? This way you can redirect the traffic to another
forwarding-instance where your proxy resides. You will also have to take
care of reverse routing from the proxy forwarding instance back
to inet.0 on EX so that return traffic can go back to client VLANs.
Thanks,
Nilesh.
Cord MacLeod wrote:
I feel silly for asking this, but apparently my brain isn't
working today.
I've got some machines in a public vlan, 100 and some RFC 1918
machines on another vlan, 120. I redistribute 0.0.0.0 in ospf
through my network down to these EX4200's that the machines are
hanging off of. Is there a way for my RFC 1918 machines to
default to a different next hop (proxy machine) when not
attempting to route between vlans so they can hit outside? The
way we do it now is changing the default gateway on the
machines. I'd like to perform this automatically on the
ex4200s if possible.
Any ideas?
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp