pebkac routing problem
dillon at apollo.backplane.com
Thu Oct 6 13:07:03 PDT 2005
:So I tried it first on my test server (which already is on the fiber
:network but reversing the process to move to the cable IP should
:logically be the same of course I tried it both ways but did not write
:down that progress, what I did write down is placed beneath all).
:My conclusion where that the package always return via the default
:gateway and thus get blocked by the next hop gateway which (reasonable)
:blocks routing for foreign IP's.
:My question is, how can I configure my BSD box, that a IP package is
:always returned to the gateway it came from when?
:Thanks in advance for any suggestions, directions or any other comment.
:18.104.22.168/27 gw 22.214.171.124
:126.96.36.199/24 gw 188.8.131.52
:So the outgoing echo reply is probably routed through default gateway
:and there silently discarded because of IP policies.
:Trying to add a route for 184.108.40.206/24 (FAILS):
:# route add 220.127.116.11/24 18.104.22.168
:route: writing to routing socket: File exists
:add net 22.214.171.124: gateway 126.96.36.199: File exists
The outgoing packet is routed based only on the destination address,
and at the moment we can only have one default route, so any outgoing
packet to an outside internet address will wind up going through the
default route nomatter what it's source address is.
BUT! It *IS* possible to get around this using IPFW (and probably
ipfilter too, but I'm more familiar with IPFW), using a 'forward' rule.
Do a 'man ipfw' and look for 'fwd' or 'forward'. What you want to do is
create 'allow' rules for target IP's that are on your two LANs, and
then any packets destined for the outside world will fall through to
your forwarding rules which you can set up to forward to the correct
gateway based on the source IP.
<dillon at xxxxxxxxxxxxx>
More information about the Users