From owner-freebsd-questions@FreeBSD.ORG Fri Oct 20 20:39:57 2006
From: Dancho Penev <dpenev@mnet.bg>
To: Brian Hawk
Cc: freebsd-questions@freebsd.org
Date: Fri, 20 Oct 2006 23:37:21 +0300
Subject: Re: Gateway problem
Message-Id: <200610202337.21893.dpenev@mnet.bg>
In-Reply-To: <45391895.8010507@tnetus.com>
References: <45391895.8010507@tnetus.com>

I'm moving this thread to "freebsd-questions" because it's the appropriate place for such questions.

On Friday 20 October 2006 21:42, Brian Hawk wrote:
> I'm having a strange situation for quite some time. I have two external
> interfaces, one of which is an ADSL interface tun0 and obtains its IP address
> dynamically, and the other is a leased line (xl1) which has a static
> global IP address, let's say 212.64.212.180. Both interfaces access the
> internet without any problem.
>
> Recently I've configured qmail on this system to send out email thru the xl1
> interface and use ADSL only for web traffic. It used to work quite well
> for a while, but recently I noticed TCP packets have been going out from
> tun0 and responses coming in thru xl1. tun0 and ADSL is the default
> gateway. But the TCP packets are bound to the 212.64.212.180 IP address,
> which should send them out thru xl1. But it doesn't.

No, you are wrong. Packets will be forwarded to the default gateway through
the interface which is on the same network with it. You need some kind of
policy routing. I'm not very familiar with ipf, but with pf you can do:

    pass out on $ext_if0 route-to ($ext_if1 $ext_gw1) inet from $ext_if1 to any
    pass out on $ext_if1 route-to ($ext_if0 $ext_gw0) inet from $ext_if0 to any

or with ipfw you can use the "fwd" rule action.

> For the test, I did these:
>
>     tcpdump -nt -i xl1 tcp &
>     telnet -s 212.64.212.180 smtp.tnet.com 25
>
> The connection establishes, but I can see only the TCP response packets
> coming from xl1, like the following:
>
>     x.y.z.t > 212.64.212.180
>     x.y.z.t > 212.64.212.180
>
> All from external IPs to my xl1 int. No packets going out from xl1; they
> all go thru the default gateway even if TCP connections are bound to xl1's
> IP address.
>
> I'd like to know if anybody knows why this happened and how I can turn
> things back the way they were. Any help would be much appreciated.
>
> My configuration is like this:
>
> FreeBSD 5.4-RELEASE
> ipf: IP Filter: v3.4.35 (336)
> Kernel: IP Filter: v3.4.35
> ipfw has no rules; allow ip from any to any
> There's also a transparent proxy setup for squid.
>
> #~>netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags  Refs      Use  Netif Expire
> default            88.234.8.1         UGS       0 78722302   tun0
> 10/24              link#1             UC        0        0    rl0 =>
> 10                 10.1.1.222         UGS       0    26233    xl0
> 10.0.0.99          link#1             UHLW      0        4    rl0
> 10.1.1/24          link#2             UC        0        0    xl0
> 10.1.1.13          00:50:8d:ed:88:94  UHLW      0     1876    xl0   1118
> 10.1.1.222         00:01:02:df:c1:19  UHLW      1      689    lo0
> 10.1.1.225         00:b0:d0:20:b7:9e  UHLW      0    96690    xl0    706
> 88.234.8.1         88.234.14.26       UH        1        0   tun0
> 127.0.0.1          127.0.0.1          UH        0  2305904    lo0
> 192.168.0/16       link#3             UCS       0        0    xl1
> 212.64.212.176     ff:ff:ff:ff:ff:ff  UHLWb     0       15    xl1 =>
> 212.64.212.176/29  link#3             UC        0        0    xl1
> 212.64.212.180     00:04:76:9b:3d:f8  UHLW      0      125    lo0
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

-- 
Dancho Penev
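The two route-to lines in the reply are the core of the fix, but on their own they only handle the outbound half of the problem. The fragment below is an added example (not posted by either participant) of a complete pf.conf policy-routing section for the setup described in the thread: tun0 as the dynamically addressed default route and xl1 with the static 212.64.212.180 address. The tun0 gateway 88.234.8.1 comes from the quoted routing table; the xl1 gateway 212.64.212.177 is a placeholder, since the thread never states the leased line's router. It also adds the reply-to half, so connections that arrive on xl1 (for example SMTP to the qmail host) answer through xl1 instead of following the default route out tun0, which is the symmetric version of the asymmetry Brian observed with tcpdump.

```pf
# Added example: two-uplink policy routing in pf for the thread's setup.
# Not part of the original mail; interface roles taken from the thread,
# gateway of the leased line is a placeholder.

adsl_if = "tun0"
adsl_gw = "88.234.8.1"        # default route in the quoted netstat -rn
line_if = "xl1"
line_gw = "212.64.212.177"    # PLACEHOLDER: real router of the 212.64.212.176/29 block

# Tie states to the interface they were created on, so a connection that was
# re-routed to xl1 is not later matched by a state bound to tun0.
# (Drop this line if your pf version rejects it.)
set state-policy if-bound

# Outbound. The kernel picks the egress interface from the destination alone
# (default route -> tun0), regardless of the source address a socket was
# bound to. A packet sourced from xl1's address therefore shows up on tun0;
# route-to overrides the kernel's choice and pushes it out xl1 via its gateway.
# "(xl1)" in parentheses means "whatever address xl1 currently has", which is
# what you want for the dynamically addressed tun0 as well.
pass out quick on $adsl_if route-to ($line_if $line_gw) inet from ($line_if) to any keep state
pass out quick on $line_if route-to ($adsl_if $adsl_gw) inet from ($adsl_if) to any keep state

# Inbound. Replies to a connection that entered through xl1 would otherwise
# be routed by destination and leave through tun0; reply-to pins the reply
# path to the interface the SYN came in on.
pass in on $line_if reply-to ($line_if $line_gw) inet proto tcp from any to ($line_if) port 25 keep state
pass in on $adsl_if reply-to ($adsl_if $adsl_gw) inet proto tcp from any to ($adsl_if) port 80 keep state

# Traffic that already uses the right source address for its interface
# follows the normal routing table.
pass out on $adsl_if inet from ($adsl_if) to any keep state
pass out on $line_if inet from ($line_if) to any keep state
```

Syntax-check the file with `pfctl -nf /etc/pf.conf` before loading it, then repeat the test from the thread (`tcpdump -nt -i xl1 tcp` while connecting with `telnet -s 212.64.212.180 ... 25`): with the route-to rule in place both directions of the SMTP session should now appear on xl1. The quick keyword on the two route-to rules matters; without it a later, more general pass out rule on the same interface could win and the packet would leave on tun0 after all. On FreeBSD 5.4 pf does not keep state by default, so keep state is spelled out on every rule that needs it. The ipfw equivalent that the reply mentions is built from fwd rules and would replace this block entirely; do not run ipf, ipfw forwarding and pf route-to on the same packets at once, since it makes the observed path very hard to reason about.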