Date:      Fri, 15 Jun 2007 14:34:54 -0700
From:      Christopher Cowart <ccowart@rescomp.berkeley.edu>
To:        freebsd-net@freebsd.org
Cc:        sysadmin@rescomp.berkeley.edu
Subject:   Routing outbound IP packets on multihomed box
Message-ID:  <20070615213454.GE2335@rescomp.berkeley.edu>

Hello,

I have a server with two NICs:

em0:        169.229.79.139/25
vlan526:    169.229.126.9/24

The default gateway is 169.229.79.129. The router for the 126 subnet is
169.229.126.1.

netstat -rn:
| Destination        Gateway            Flags    Refs      Use  Netif Expire
| default            169.229.79.129     UGS         0   102537    em0
| 127.0.0.1          127.0.0.1          UH          0      217    lo0
| 169.229.79.128/25  link#1             UC          0        0    em0
| 169.229.79.129     00:15:c7:b9:f4:80  UHLW        2        4    em0   1193
| 169.229.79.139     00:11:25:ab:42:70  UHLW        1      589    lo0
| 169.229.126/24     link#9             UC          0        0 vlan52
| 169.229.126.1      00:15:c7:b9:f4:80  UHLW        1       34 vlan52   1200
| 169.229.126.9      00:18:f8:09:d3:a5  UHLW        1        8    lo0

The IP address on em0 works exactly as one would expect. I have full IP
connectivity to it from other subnets.

The problem is I can't get 2-way connectivity with the IP address on
vlan526.

Using my workstation on a third subnet (169.229.127.38/24), I cannot
ping 169.229.126.9. I leave the ping running and do some tcpdumps on
the server.

$ sudo tcpdump -ni vlan526 host 169.229.127.38
| 14:14:37.002920 IP 169.229.127.38 > 169.229.126.9: ICMP echo
| request, id 15733, seq 35, length 64
| 14:14:38.003037 IP 169.229.127.38 > 169.229.126.9: ICMP echo
| request, id 15733, seq 36, length 64

Notice there are no echo replies. That's because they're being sent
here:

$ sudo tcpdump -ni em0 host 169.229.127.38
| 14:15:42.006997 IP 169.229.126.9 > 169.229.127.38: ICMP echo reply,
| id 15733, seq 100, length 64
| 14:15:43.007118 IP 169.229.126.9 > 169.229.127.38: ICMP echo reply,
| id 15733, seq 101, length 64

I repeated this last snoop with a -w and loaded it into ethereal. The
echo replies being sent out on em0 indeed have a source address of
169.229.126.9. The router (169.229.79.139) drops these packets on the
floor, because their source address isn't routable on that interface.

Because routing is based on destination, not source address, I'm not
sure how to get packets sourced from the 126 subnet to the router on the
126 subnet. I tried the following ipfw rule right after allow loopback
traffic (my second rule):

fwd 169.229.126.1 ip from 169.229.126.9 to not 169.229.126.0/24

Still no luck. Has anyone set up a multihomed box on *different* subnets
before without routing them through the FreeBSD box? Does anyone have
any pointers or things I should be looking at?

Thanks,

-- 
Chris Cowart
Lead Systems Administrator
Network Infrastructure, RSSP-IT
UC Berkeley
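
The mail above turns on one point: the kernel picks the egress interface by
longest-prefix match on the destination, so a reply sourced from the vlan526
address to an off-link host goes out the default route on em0, and the
upstream router discards it because the source does not belong to the subnet
it arrived from. The following Python model is an added example, not code
from the mail or from FreeBSD. It reuses the routes and addresses from the
poster's netstat -rn output as constructed data, adds a source-policy table
modelled on the ipfw fwd rule the poster tried, and a source-address check
standing in for the upstream router's behaviour. The interface-ownership
helper, the policy representation and the router check are illustrative
assumptions, not a reproduction of FreeBSD's forwarding path.

```python
"""Destination-only route lookup versus a source-aware policy override.

Added example: a model of the lookup discussed in the mail, built from the
routes and addresses shown there. Not FreeBSD code.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None means directly connected
    netif: str


# Constructed from the netstat -rn output in the mail (host/ARP entries omitted).
ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("169.229.79.129"), "em0"),
    Route(ipaddress.ip_network("169.229.79.128/25"), None, "em0"),
    Route(ipaddress.ip_network("169.229.126.0/24"), None, "vlan526"),
]

# Interface addresses from the mail.
IFADDRS = {
    "em0": ipaddress.ip_interface("169.229.79.139/25"),
    "vlan526": ipaddress.ip_interface("169.229.126.9/24"),
}

# Source-policy table modelled on the poster's ipfw rule (assumed representation):
#   fwd 169.229.126.1 ip from 169.229.126.9 to not 169.229.126.0/24
# Each entry: (source address, destinations exempt from the rule, next-hop).
POLICY = [
    (ipaddress.ip_address("169.229.126.9"),
     ipaddress.ip_network("169.229.126.0/24"),
     ipaddress.ip_address("169.229.126.1")),
]


def lookup(dst):
    """Longest-prefix match on the destination only, as the kernel route lookup does."""
    dst = ipaddress.ip_address(dst)
    best = max((r for r in ROUTES if dst in r.prefix), key=lambda r: r.prefix.prefixlen)
    nexthop = best.gateway if best.gateway is not None else dst
    return best.netif, nexthop


def iface_for_nexthop(nexthop):
    """Interface whose subnet contains the next-hop (assumed helper)."""
    for name, ifa in IFADDRS.items():
        if nexthop in ifa.network:
            return name
    raise ValueError(f"no interface for next-hop {nexthop}")


def select_egress(src, dst, use_policy):
    """Return (netif, nexthop) for a locally generated packet.

    use_policy=False is plain destination routing; use_policy=True consults
    the source-policy table first, which is what the fwd rule is meant to do.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if use_policy:
        for rule_src, exempt, nexthop in POLICY:
            if src == rule_src and dst not in exempt:
                return iface_for_nexthop(nexthop), nexthop
    return lookup(dst)


def upstream_router_accepts(netif, src):
    """Source-address check assumed at the next-hop router: the source must
    belong to the subnet of the link the packet arrived on. This matches the
    drop the poster describes, but the router's actual policy is not on the page."""
    return ipaddress.ip_address(src) in IFADDRS[netif].network


def trace(src, dst, use_policy):
    """(egress interface, next-hop as text, accepted by upstream router)."""
    netif, nexthop = select_egress(src, dst, use_policy)
    return netif, str(nexthop), upstream_router_accepts(netif, src)


if __name__ == "__main__":
    # The echo reply from the mail: src 169.229.126.9, dst 169.229.127.38.
    for pol in (False, True):
        print("policy   " if pol else "dst-only ", trace("169.229.126.9", "169.229.127.38", pol))
```

With destination-only lookup the reply to 169.229.127.38 can only ever match
the default route, so it leaves on em0 with a 169.229.126.9 source and fails
the source check; the choice of vlan526 has to come from a mechanism that
looks at the source address, which is the role the fwd rule is meant to play.
The model does not say why the poster's particular rule did not take effect;
that is outside what the mail shows.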


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070615213454.GE2335>