From: Abelenda Diego
To: John-Mark Gurney
Cc: kaycee gb, freebsd-net@freebsd.org
Subject: Re: IP "routing" issue
Date: Wed, 16 Sep 2020 18:21:41 +0200

Hello,

Thank you for your input.

Due to how convoluted the change in the configuration of FreeBSD would have
been I had to completely change my infrastructure to match the vision my
datacenter unilaterally imposed on me... So now I don't have this need anymore.

Best regards,
Diego Abelenda

On Tue, 15 Sep 2020 12:10:52 -0700
John-Mark Gurney wrote:

> Abelenda Diego wrote this message on Thu, Sep 10, 2020 at 18:54 +0200:
> > Hello,
> >
> > Thank you for pointing route "-iface" however I can't seem to manage what I
> > want.
> >
> > When I use:
> > "route add -host $IP_NOT_IN_SUBNET -iface bce0"
> >
> > I get "netstat -rn" to say something like:
> >
> > Internet:
> > Destination        Gateway                Flags  Netif Expire
> > default            $UPSTREAM_GW           UGS    bce0
> > 10.0.0.1           link#7                 UHS    lo0
> > $IP_NO_IN_SUBNET   $MAC_ADDRESS_OF_BCE0   UHS    bce0
> >
> >
> > Which seems somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I
> > get:
> >
> > root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> > PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> > 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
> >
> > Which doesn't seem appropriate at all wrt the routing table...
> >
> > Did I use "route add" wrong?
> >
> > Also I want to keep the setup simple, going through private IPs on the
> > public VLAN of the datacenter might get me in trouble with them, and using
> > other VLANs for that will be a pain.
>
> Can you provide a diagram of the network layout, and where the
> configuration needs to go? Because if it's just the opnsense box that
> needs the IP addresses, adding them as an alias to bce is enough to
> make it work.
>
> If you're trying to do something else, like have boxes behind the
> opnsense box have those IP addresses, then:
> route add $IP_NO_IN_SUBNET $IP_OF_BOX_WITH_IP_NO_IN_SUBNET
>
> would just work.
>
> I just noticed the 10.0.0.1 IP on lo0, and that's a bit odd to have...
>
> > On Wed, 9 Sep 2020 17:35:45 +0200
> > kaycee gb wrote:
> >
> > > On Wed, 9 Sep 2020 16:42:54 +0200,
> > > Abelenda Diego wrote:
> > >
> > > > Hello,
> > > >
> > > > I've got a FreeBSD installation in a DataCenter that provided me with a
> > > > single address IPv4 with an upstream gateway (cidr is fine the upstream
> > > > gateway works everything is nice and running). I use this machine for
> > > > Masquerading a private infrastructure.
> > > >
> > > > Now I need other machines with public IPv4 and when I requested the
> > > > additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> > > > saying that my previous IPv4 MUST be configured as next-hop on their
> > > > side. From my understanding in FreeBSD the route command is unable to
> > > > perform this kind of configuration where you tell that the IPv4 /32 is
> > > > available without next-hop (no via) on a specific link. I know the
> > > > linux "ip route add $IP dev $LINK" configures this, but I cannot seem
> > > > to map this knowledge to FreeBSD.
> > > >
> > > > Is it possible to perform this very special setup with any command on
> > > > FreeBSD? If yes what is that command?
> > > >
> > > > Best regards,
> > > > Diego Abelenda
> > >
> > > Hi,
> > >
> > > Do the other machines have a private address? Is it a problem if they
> > > have one?
> > > If it is possible, you can route via this private address on your FreeBSD
> > > installation to the new one and assign a public/32 to the last.
> > >
> > > Alternatively to doing routing like above, if you have a firewall enabled
> > > on the first machine, you can do address forwarding between the first and
> > > the new one.
> > >
> > > And last, maybe with something like -iface from "route" you can achieve
> > > what you want.