Date: Wed, 4 Dec 2002 15:31:17 -0500
From: Chuck Swiger
To: Don Bowman
Cc: "'freebsd-net@freebsd.org'"
Subject: Re: SO_DONTROUTE, arp's, ipfw fwd, etc
Message-Id: <5717ED58-07C7-11D7-A933-000A27D85A7E@mac.com>

On Wednesday, December 4, 2002, at 03:20 PM, Don Bowman wrote:
> What's happening is I have >1 router feeding me sessions which
> I'm transparently proxying (e.g. squid).
> Obviously I can't have a default route back to each of them.
>
> So I have something like:
>
> [Router1]---\
>              \
> [Router2]--------[BSD]
>              /
> [Router3]---/
>
> This is done with a layer-2 mac rewrite, ie the router takes the packet,
> doesn't modify the IP header, but changes the destination MAC to
> be that of the BSD machine.

You can't have more than one default route, but you certainly can have
several static or dynamic routes to select the appropriate router to
send responses back. You could also look into policy-based routing or
multihoming the connections, but I guess that depends on what you're
doing.

> I can't make the route be one of those routers,
> and the routing tables are too complicated to install (since there
> may be BGP on the left of them, etc, etc). It's important for
> me the response packets go back through the same path (to avoid
> reordering etc).

What happens if incoming traffic comes via more than one router at a
time-- how should your system decide which path to send replies back?
Based on the source IP?

-Chuck

Chuck Swiger | chuck@codefab.com | All your packets are belong to us.
-------------+-------------------+-----------------------------------
"The human race's favorite method for being in control of the facts
is to ignore them." -Celia Green