pebkac routing problem

Matthew Dillon dillon at apollo.backplane.com
Thu Oct 6 13:07:03 PDT 2005


:...
:So I tried it first on my test server (which already is on the fiber 
:network but reversing the process to move to the cable IP should 
:logically be the same of course I tried it both ways but did not write 
:down that progress, what I did write down is placed beneath all).
:
:My conclusion was that the package always returns via the default 
:gateway and thus gets blocked by the next hop gateway which (reasonable) 
:blocks routing for foreign IPs.
:
:My question is, how can I configure my BSD box, that an IP package is 
:always returned to the gateway it came from when?
:
:Thanks in advance for any suggestions, directions or any other comment.
:
:Martin (mph)
:
:current configuration:
:145.103.249.189/27	gw 145.103.249.190
:
:appending configuration:
:213.126.48.226/24 	gw 213.126.48.1
:
:...
:
:So the outgoing echo reply is probably routed through default gateway 
:and there silently discarded because of IP policies.
:
:Trying to add a route for 213.126.48.0/24 (FAILS):
:# route add 213.126.48.0/24 213.126.48.1
:route: writing to routing socket: File exists
:add net 213.126.48.0: gateway 213.126.48.1: File exists

    The outgoing packet is routed based only on the destination address,
    and at the moment we can only have one default route, so any outgoing
    packet to an outside internet address will wind up going through the
    default route no matter what its source address is.

    BUT!  It *IS* possible to get around this using IPFW (and probably 
    ipfilter too, but I'm more familiar with IPFW), using a 'forward' rule.
    Do a 'man ipfw' and look for 'fwd' or 'forward'.  What you want to do is
    create 'allow' rules for target IPs that are on your two LANs, and
    then any packets destined for the outside world will fall through to
    your forwarding rules which you can set up to forward to the correct
    gateway based on the source IP.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>
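
The rule layout described in the reply above, as an added example that is not part of the original message: a hypothetical helper, emit_pbr_rules, prints the 'allow' rules for the two LANs followed by one 'fwd' rule per source address, without invoking ipfw. The addresses are the ones from the post (145.103.249.160/27 is the network derived from 145.103.249.189/27); the rule numbers are arbitrary, and ipfw with forwarding support enabled is assumed.

```shell
#!/bin/sh
# Added example: prints ipfw commands for review; it never invokes ipfw itself.
# Addresses come from the post; the rule numbers (1000, step 10) are arbitrary.

# emit_pbr_rules START_NUM UPLINKS   (hypothetical helper)
#   UPLINKS: one "LOCAL_IP LAN_CIDR GATEWAY" triple per line.
emit_pbr_rules() {
    num=$1
    uplinks=$2

    # Pass 1: 'allow' rules for destinations on the directly attached LANs,
    # so LAN-local traffic is accepted before any fwd rule is evaluated.
    while read -r ip lan gw; do
        [ -z "$ip" ] && continue
        if [ -z "$lan" ] || [ -z "$gw" ]; then
            echo "incomplete uplink entry: $ip" >&2
            return 1
        fi
        echo "ipfw add $num allow ip from any to $lan"
        num=$((num + 10))
    done <<EOF
$uplinks
EOF

    # Pass 2: everything else falls through to these rules and is forwarded
    # to the gateway that belongs to the packet's source address.
    while read -r ip lan gw; do
        [ -z "$ip" ] && continue
        echo "ipfw add $num fwd $gw ip from $ip to any"
        num=$((num + 10))
    done <<EOF
$uplinks
EOF
}

# The two uplinks from the post: existing fiber address, appended cable address.
UPLINKS='145.103.249.189 145.103.249.160/27 145.103.249.190
213.126.48.226 213.126.48.0/24 213.126.48.1'

emit_pbr_rules 1000 "$UPLINKS"
```

Order matters: the 'allow' rules carry lower numbers than the 'fwd' rules, so only packets bound for the outside world reach the forwarding step.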




