Date:      Tue, 23 Sep 2008 00:49:23 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Igor R <igor4ml@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Multiple routing tables (setfib) trouble
Message-ID:  <48D89F83.9020002@elischer.org>
In-Reply-To: <a53601230809222249t563149b0le4b0c0a73d9d93e7@mail.gmail.com>
References:  <a53601230809222249t563149b0le4b0c0a73d9d93e7@mail.gmail.com>

Igor R wrote:
> Hello!
> 
> I'm using FreeBSD 7.0-STABLE (Jul 25) and I have two Internet
> connections. Both are ethernet based, but one requires PPTP (2) while
> another is direct with external IP address.
> Trouble is that provider (1) of connection with external address is
> limiting number of outgoing TCP connections (this was reason I got
> another provider). So now my setup is
> 1) On boot I have default route to provider (1)
> 2) After MPD (PPTP) is up I replace default route with route to provider (2)
> 3) I use "route-to" and "reply-to" in /etc/pf.rules to route incoming
> SSH and HTTP and outgoing HTTP via provider (1), also I use these
> rules to provide routing to internal network of this provider
> 4) All other traffic (BitTorrent :-) ) is going via provider (2) via
> ng0 (PPTP) interface
> All works fine, but ... Provider with PPTP is less reliable and when
> PPTP connection fails I have trouble connecting to my SSH server
> (because DNS stops working)
> 
> So, after FreeBSD got multiple routing tables I tried this:
> 
> 1)  On boot I have default route to provider (1)
> 2)  After MPD (PPTP) is up I do
> 2a) setfib 1 route add default PPTP_DEFAULT_GATEWAY
> 2b) setfib 1 /usr/local/etc/rc.d/tranmission restart
> 
> And here are problems:
> 1) All outgoing traffic with fib==1 goes through provider (2) as
> expected, answers are received
> 2) BUT ... incoming traffic looks strange: answers are sent through
> default gateway with fib==0
> 
> I made simple test:
> 
> setfib 1 netcat -l 8000
>   and then from outside:
> telnet my_ip 8000
>   I see (with tcpdump) incoming packets on ng0 (PPTP) interface, but no
> answers.

Which address is the source address for the outgoing packets?
Is it possible the socket has been bound to the address of the other
interface?

hmm now THEORETICALLY you can figure out which packets have which fib
by using the 'fib' qualifier in ipfw..
i.e.

ipfw add 100 count log ip from any to any fib 1

to



> If I start tcpdump on other provider interface I see packets
> with answers. But if I try
> setfib 1 traceroute some_host
> then routing works via correct gateway
> 
> So, is it possible to have bittorrent daemon with FIB=1 :-)?