[j-nsp] different default for different vlans

Cord MacLeod cordmacleod at gmail.com
Fri Mar 20 22:38:56 EDT 2009 

I wish it were.  This is all traffic except for local traffic.  Any  
explanation for why the ex4200 doesn't have the except keyword?

On Mar 20, 2009, at 6:55 PM, Nilesh Khambal wrote:

> Are using proxy just for http and https? Is so, then can you be  
> specific in the filters with protocol and ports. You can add a  
> default accept at the end of the filter to accept all other traffic  
> that does not match http or https. Traffic accepted by default  
> accept will get routed using inet.0 routing table.
>
> This way you don't have to use "except" in filter terms.
>
> Thanks,
> Nilesh
>
> Cord MacLeod wrote:
>> That would be great, and I thought of it just after I sent the  
>> email.   There's one big thing I'm missing though... except.
>> From an m7:
>> Possible completions:
>>   <[Enter]>            Execute this command
>>   except               Match address not in this prefix
>> From an ex4200:
>>   <[Enter]>            Execute this command
>> In other words, all of my traffic would hit this proxy and it  
>> would  break routing between the vlans if I use policy based  
>> routing and  can't use except.
>> On Mar 20, 2009, at 6:37 PM, Nilesh Khambal wrote:
>>> Can you try policy based routing using input firewall filter on  
>>> EX?  This was you can redirect the traffic to another forwarding- 
>>> instance  where your proxy resides. You will also have to take  
>>> care of reverse  routing from the proxy forwarding instance back  
>>> to inet.0 on EX so  that return traffic can go back to client VLANs.
>>>
>>> Thanks,
>>> Nilesh.
>>>
>>> Cord MacLeod wrote:
>>>> I feel silly for asking this, but apparently my brain isn't   
>>>> working  today.
>>>> I've got some machines in a public vlan, 100 and some RFC 1918    
>>>> machines on another vlan, 120.  I redistribute 0.0.0.0 in ospf   
>>>> through  my network down to these EX4200's that the machines are   
>>>> hanging off  of.  Is there a way for my RFC 1918 machines to   
>>>> default to different  next hop (proxy machine) when not  
>>>> attempting  to route between vlans so  they can hit outside.  The  
>>>> way we do it  now is changing the default  gateway on the  
>>>> machines.  I'd like to  perform this automatically on  the  
>>>> ex4200s if possible.
>>>> Any ideas?
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> .

More information about the juniper-nsp mailing list