Date:      Wed, 16 Sep 2020 18:21:41 +0200
From:      Abelenda Diego <diego.abelenda@gmail.com>
To:        John-Mark Gurney <jmg@funkthat.com>
Cc:        kaycee gb <kisscoolandthegangbang@hotmail.fr>, freebsd-net@freebsd.org
Subject:   Re: IP "routing" issue
Message-ID:  <20200916182141.2705bb70@debian>
In-Reply-To: <20200915191052.GN4213@funkthat.com>
References:  <20200909164254.5e7e3891@debian> <VE1PR03MB5629FC5FAB3212A0987F7F4CA0260@VE1PR03MB5629.eurprd03.prod.outlook.com> <20200910185400.593a8ce2@debian> <20200915191052.GN4213@funkthat.com>


Hello,

Thank you for your input.

Due to how convoluted the change in the configuration of FreeBSD would have
been I had to completely change my infrastructure to match the vision my
datacenter unilaterally imposed on me... So now I don't have this need anymore.

Best regards,
Diego Abelenda

On Tue, 15 Sep 2020 12:10:52 -0700
John-Mark Gurney <jmg@funkthat.com> wrote:

> Abelenda Diego wrote this message on Thu, Sep 10, 2020 at 18:54 +0200:
> > Hello,
> >
> > Thank you for pointing route "-iface" however I can't seem to manage what I
> > want.
> >
> > When I use:
> > "route add -host $IP_NOT_IN_SUBNET -iface bce0"
> >
> > I get "netstat -rn" to say something like:
> >
> > Internet:
> > Destination        Gateway               Flags     Netif Expire
> > default            $UPSTREAM_GW          UGS        bce0
> > 10.0.0.1           link#7                UHS         lo0
> > $IP_NO_IN_SUBNET   $MAC_ADDRESS_OF_BCE0  UHS        bce0
> >
> >
> > Which seems somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I
> > get:
> >
> > root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> > PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> > 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
> >
> > Which doesn't seem appropriate at all wrt the routing table...
> >
> > Did I use "route add" wrong?
> >
> > Also I want to keep the setup simple, going through private IPs on the
> > public VLAN of the datacenter might get me in trouble with them, and using
> > other VLANs for that will be a pain.
>
> Can you provide a diagram of the network layout, and where the
> configuration needs to go?  Because if it's just the opnsense box that
> needs the IP addresses, adding them as an alias to bce is enough to
> make it work.
>
> If you're trying to do something else, like have boxes behind the
> opnsense box have those IP addresses, then:
> route add $IP_NO_IN_SUBNET $IP_OF_BOX_WITH_IP_NO_IN_SUBNET
>
> would just work.
>
> I just noticed the 10.0.0.1 IP on lo0, and that's a bit odd to have...
>
> > On Wed, 9 Sep 2020 17:35:45 +0200
> > kaycee gb <kisscoolandthegangbang@hotmail.fr> wrote:
> >
> > > On Wed, 9 Sep 2020 16:42:54 +0200,
> > > Abelenda Diego <diego.abelenda@gmail.com> wrote:
> > >
> > > > Hello,
> > > >
> > > > I've got a FreeBSD installation in a DataCenter that provided me with a
> > > > single address IPv4 with an upstream gateway (cidr is fine the upstream
> > > > gateway works everything is nice and running). I use this machine for
> > > > Masquerading a private infrastructure.
> > > >
> > > > Now I need other machines with public IPv4 and when I requested the
> > > > additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> > > > saying that my previous IPv4 MUST be configured as next-hop on their
> > > > side. From my understanding in FreeBSD the route command is unable to
> > > > perform this kind of configuration where you tell that the IPv4 /32 is
> > > > available without next-hop (no via) on a specific link. I know the
> > > > linux "ip route add $IP dev $LINK" configures this, but I cannot seem
> > > > to map this knowledge to FreeBSD.
> > > >
> > > > Is it possible to perform this very special setup with any command on
> > > > FreeBSD? If yes what is that command?
> > > >
> > > > Best regards,
> > > > Diego Abelenda
> > >
> > > Hi,
> > >
> > > Do the other machines have a private address? Is it a problem if they
> > > have one?
> > > If it is possible, you can route via this private address on your FreeBSD
> > > installation to the new one and assign a public/32 to the last.
> > >
> > > Alternatively to doing routing like above, if you have a firewall enabled
> > > on the first machine, you can do address forwarding between the first and
> > > the new one.
> > >
> > > And last, maybe with something like -iface from "route" you can achieve
> > > what you want.
>

