From: Eugene Grosbein
To: Don Lewis
Cc: freebsd-net@FreeBSD.org
Date: Tue, 24 Jan 2017 16:55:39 +0700
Subject: Re: inheriting fib from an interface
Message-ID: <20170124095539.GA18648@rdtc.ru>
In-Reply-To: <201701240131.v0O1VMcu005208@gw.catspoiler.org>

On Mon, Jan 23, 2017 at 05:31:22PM -0800, Don Lewis wrote:

> Let's say that I have an application running on a server that is
> connected to the Internet via two different ISPs and is using IP
> addresses (ISP A:10.0.0.10 and ISP B:192.168.1.10) delegated by those
> two ISPs on its two interfaces. Responses to requests sent to
> 10.0.0.10 should be sent via ISP A, and responses to requests sent to
> 192.168.1.10 should be ISP B.
>
> There are a couple of different ways that I can think of to do this:
>
> 1) Put the server behind another FreeBSD box that uses policy-based
>    routing to forward the outbound packets to the desired ISP. My
>    understanding is that this only works for packet forwarding and not
>    for locally generated packets.

A single command "ipfw add 2000 fwd $ispgw2 ip from $ip2 to any out xmit $isp1_iface"
works for locally generated packets too. It "fixes" the outgoing routing path
for packets from an IP belonging to the "non-default" ISP2 when the default route
points to ISP1.
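
Added example, not part of the original message: a simplified Python model of the match in the rule above, showing that it fires only for packets sourced from $ip2 that the routing table has already assigned to $isp1_iface. The gateway addresses, /24 prefixes and interface names em0/em1 are assumptions, and the model assumes the new next hop is reached through its own connected route.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: the two server addresses come from the quoted
# mail; gateways, prefix lengths and interface names are assumptions.
IP1, IP2 = "10.0.0.10", "192.168.1.10"
ISPGW1, ISPGW2 = "10.0.0.1", "192.168.1.1"
ISP1_IFACE, ISP2_IFACE = "em0", "em1"

# Routing table: (prefix, gateway or None when directly connected, interface).
ROUTES = [
    ("10.0.0.0/24", None, ISP1_IFACE),
    ("192.168.1.0/24", None, ISP2_IFACE),
    ("0.0.0.0/0", ISPGW1, ISP1_IFACE),  # default route points to ISP1
]

@dataclass(frozen=True)
class FwdRule:
    """Models: fwd <gateway> ip from <src> to any out xmit <xmit_iface>."""
    gateway: str
    src: str
    xmit_iface: str

def route_lookup(dst):
    """Longest-prefix match; returns (next_hop, interface)."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, ifc) for p, gw, ifc in ROUTES
               if addr in ipaddress.ip_network(p)]
    _, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return (gw or dst, ifc)

def egress(src, dst, rules=()):
    """Next hop and interface for a locally generated packet."""
    next_hop, iface = route_lookup(dst)
    for rule in rules:
        # The rule fires only when routing already chose xmit_iface
        # and the source address is the one being steered.
        if src == rule.src and iface == rule.xmit_iface:
            # New next hop; the interface follows the route to that gateway.
            return (rule.gateway, route_lookup(rule.gateway)[1])
    return (next_hop, iface)

# The rule from the message, expressed in the model.
RULE_2000 = FwdRule(gateway=ISPGW2, src=IP2, xmit_iface=ISP1_IFACE)
```

Calling egress(IP2, "203.0.113.5") with and without [RULE_2000] shows the reply path moving from ISP1's gateway to ISP2's, while packets from IP1 and on-link traffic on ISP2's subnet are left alone.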