Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 10 May 2002 13:54:48 +0200
From:      Daniel Lang <dl@leo.org>
To:        Nick Rogness <nick@rogness.net>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: Multiple NICs on the same subnet
Message-ID:  <20020510115448.GB34132@atrbg11.informatik.tu-muenchen.de>
In-Reply-To: <Pine.BSF.4.21.0205091710500.21635-100000@cody.jharris.com>
References:  <20020509203930.GA32900@atrbg11.informatik.tu-muenchen.de> <Pine.BSF.4.21.0205091710500.21635-100000@cody.jharris.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi all,

I guess I've found a solution. I'll post it here:

Nick Rogness wrote on Thu, May 09, 2002 at 05:28:13PM -0500:
[..]
> 	The best way to handle this is with ipfw fwd.  Basically you
> 	forward packets trying to leave the default gateway with the
> 	aliased address of a different interface out the right interface.
> 
> 	For example:
> 
> 	xl0 --> alias= 1.1.1.1/32 , (default gateway out this interface)
> 	xl1 --> alias= 1.1.1.2/32
> 	lge0 --> alias= 1.1.1.3/32
> 
> 	ipfw ruleset:
> 
> 	# FOrward packets properly
>       ipfw fwd $IP_OF_NEXT_HOP_xl1 ip from 1.1.1.2/32 to any out via xl0
>       ipfw fwd $IP_OF_NEXT_HOP_lge0 ip from 1.1.1.3/32 to any out via xl0
> 	. . . [rest of firewall] . . .
[..]

This did not work, because you cannot specify in the rule which
interface to use for the forwarded packet. This is determined by
the routing table, as described in ipfw(8). As the 
$IP_OF_NEXT_HOP_lge0 would be the same for $IP_OF_NEXT_HOP_xl0.

So I've used ipfilter instead of ipfw with the following rule:

[..]
pass out on xl0 fastroute lge0 from 1.1.1.3 to any
[..]

This matches any packet from 1.1.1.3 which attempts to leave via xl0
but is then stuffed into the outgoing queue of lge0.

Again, thanks for your help.

Best regards,
 Daniel
-- 
IRCnet: Mr-Spock                      - All your .sigs are belong to us -
 Daniel Lang * dl@leo.org * +49 89 289 25735 * http://www.leo.org/~dl/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020510115448.GB34132>