Date: Sun, 5 Feb 2017 19:44:20 +0100
From: Alarig Le Lay <alarig@swordarmor.fr>
To: freebsd-net@freebsd.org
Subject: Re: Avoid using RFC3927 outside of the link
Message-ID: <20170205184420.yv7vteskd7t7sd67@mew.swordarmor.fr>
In-Reply-To: <58589E28.9020900@grosbein.net>
References: <20161219184617.7yph7isgtgjy4mja@kaiminus> <58582C25.7090806@grosbein.net> <20161219190506.kc32q7sz3okekup7@kaiminus> <58583645.3090502@grosbein.net> <20161219210150.mf4cwx3k33x2qbbe@kaiminus> <58589E28.9020900@grosbein.net>
On Tue Dec 20 09:57:44 2016, Eugene Grosbein wrote:
> 20.12.2016 4:01, Alarig Le Lay wrote:
> > On Tue Dec 20 02:34:29 2016, Eugene Grosbein wrote:
> > > Well, you can always use brute force instead:
> > >
> > > ipfw nat 169 config reset ip 89.234.186.1 && \
> > > ipfw add 60 nat 169 ip from 169.254.0.0/16 to any out xmit igb0
> > >
> > > That's ugly but works.
> >
> > It will work just by side effect: by doing this, I will send BGP packets
> > from 89.234.186.1, which is an IP that the peer learned by BGP. This will
> > create a recursive loop, and the session will be shut. So, no more
> > traffic will transit through this interface, and this IP will not be
> > displayed anymore :p
>
> You could also use another public IP as primary address for interface in question
> and an address from 169.254.0.0/16 as secondary one. BGP will still work and
> kernel/ICMP will use public IP.

Hi,

I tried this, but the box is still replying from 169.254.0.0/16:

alarig@scw-0eb563:~$ mtr -4bw kaiminus.swordarmor.fr
Start: Sun Feb  5 18:33:13 2017
HOST: scw-0eb563                                            Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.2.18.150                                          0.0%    10    0.4   0.4   0.3   0.5   0.0
  2.|-- ???                                                 100.0    10    0.0   0.0   0.0   0.0   0.0
  3.|-- 10.1.96.0                                            0.0%    10    0.6   0.6   0.5   0.9   0.0
  4.|-- ???                                                 100.0    10    0.0   0.0   0.0   0.0   0.0
  5.|-- 188-225-47-212.int.cloud.online.net (212.47.225.188) 0.0%    10    1.9   1.3   0.6   2.3   0.0
  6.|-- 195.154.1.38                                         0.0%    10    1.9   1.3   1.0   2.1   0.0
  7.|-- 195.154.1.193                                        0.0%    10    2.2   2.7   1.4   5.7   1.2
  8.|-- equinix-th2.quantic-telecom.net (195.42.144.192)     0.0%    10    1.6   1.8   1.2   2.8   0.3
  9.|-- 185.132.75.33                                        0.0%    10    8.2   8.4   7.8   9.4   0.3
 10.|-- 169.254.1.3                                          0.0%    10    8.4   8.6   7.9   9.4   0.0
 11.|-- kaiminus.swordarmor.fr (89.234.186.26)               0.0%    10    8.1   9.2   8.1   9.9   0.3

I ran these commands:

birdc disable bgp_quantic
birdc6 disable bgp_quantic
ifconfig em0.21 down
ifconfig em0.21 destroy
ifconfig em0.21 create
ifconfig em0.21 description "transit quantic"
ifconfig em0.21 vlan 21 vlandev em0
ifconfig em0.21 inet 169.254.1.2/29
ifconfig em0.21 inet 89.234.186.7/32 alias
ifconfig em0.21 inet6 2a06:e040:3501:0101:0002::2/80
birdc enable bgp_quantic
birdc6 enable bgp_quantic

I also tried to put 89.234.186.7/32 as primary and 169.254.1.2/29 as
alias.

Also, the routes are installed like this:

root@nominoe:~ # netstat -rn | grep 169.254.1.1 | head
1.0.129.0/24       169.254.1.1        UG1      em0.21
1.0.144.0/20       169.254.1.1        UG1      em0.21

So, am I right if I say that the box will always use 169.254.1.2 as
source address because the next hop is 169.254.1.1?

Thanks,
--
alarig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170205184420.yv7vteskd7t7sd67>
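The check below is an added example, not part of the original message: it parses an `mtr -w` report and lists hops that answered from 169.254.0.0/16 beyond the first hop, which is how the leak shows up in the trace above. The function names and the shortened sample report are constructed for illustration; RFC 3927 says packets with a link-local source must not be forwarded, so any such hop past hop 1 has left its link.

```python
import ipaddress
import re

# Constructed sample in `mtr -w` report format; hop addresses are taken
# from the trace quoted in the message, with some hops omitted.
SAMPLE_REPORT = """\
HOST: scw-0eb563                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.2.18.150                                      0.0%    10    0.4   0.4   0.3   0.5   0.0
  2.|-- ???                                             100.0    10    0.0   0.0   0.0   0.0   0.0
  8.|-- equinix-th2.quantic-telecom.net (195.42.144.192) 0.0%    10    1.6   1.8   1.2   2.8   0.3
 10.|-- 169.254.1.3                                      0.0%    10    8.4   8.6   7.9   9.4   0.0
 11.|-- kaiminus.swordarmor.fr (89.234.186.26)           0.0%    10    8.1   9.2   8.1   9.9   0.3
"""

# "<n>.|-- <host-or-ip> [(<ip>)]": with -b, mtr prints the name and the IP in parentheses.
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)(?:\s+\(([^)]+)\))?")
LINK_LOCAL_V4 = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927 range


def hop_address(line):
    """Return (hop_number, ip) for a report line, or None when no address is shown."""
    m = HOP_RE.match(line)
    if not m:
        return None  # header or unrelated line
    candidate = m.group(3) or m.group(2)
    try:
        return int(m.group(1)), ipaddress.ip_address(candidate)
    except ValueError:
        return None  # "???" (no reply) or a bare hostname without an IP


def leaked_link_local_hops(report):
    """List (hop, ip) pairs that replied from 169.254.0.0/16 past the first hop.

    Hop 1 shares a link with the tracing host, so a link-local reply there
    has not crossed a router; every later hop has.
    """
    leaked = []
    for line in report.splitlines():
        hop = hop_address(line)
        if hop is None:
            continue
        number, ip = hop
        if number > 1 and ip.version == 4 and ip in LINK_LOCAL_V4:
            leaked.append((number, str(ip)))
    return leaked


if __name__ == "__main__":
    for number, ip in leaked_link_local_hops(SAMPLE_REPORT):
        print(f"hop {number}: reply sourced from link-local address {ip}")
```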