Date:      Wed, 16 Sep 2020 11:54:27 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Abelenda Diego <diego.abelenda@gmail.com>
Cc:        kaycee gb <kisscoolandthegangbang@hotmail.fr>, freebsd-net@freebsd.org
Subject:   Re: IP "routing" issue
Message-ID:  <20200916185427.GQ4213@funkthat.com>
In-Reply-To: <20200916182141.2705bb70@debian>
References:  <20200909164254.5e7e3891@debian> <VE1PR03MB5629FC5FAB3212A0987F7F4CA0260@VE1PR03MB5629.eurprd03.prod.outlook.com> <20200910185400.593a8ce2@debian> <20200915191052.GN4213@funkthat.com> <20200916182141.2705bb70@debian>

Abelenda Diego wrote this message on Wed, Sep 16, 2020 at 18:21 +0200:
> Thank you for your input.
> 
> Due to how convoluted the change in the configuration of FreeBSD would have
> been I had to completely change my infrastructure to match the vision my
> datacenter unilaterally imposed on me... So now I don't have this need anymore.

Ok.  Glad you were able to solve your problem, though obviously not the way you
wanted to.

Just for the archives, this style of routing should work fine in FreeBSD.

> On Tue, 15 Sep 2020 12:10:52 -0700
> John-Mark Gurney <jmg@funkthat.com> wrote:
> 
> > Abelenda Diego wrote this message on Thu, Sep 10, 2020 at 18:54 +0200:
> > > Hello,
> > > 
> > > Thank you for pointing route "-iface" however I can't seem to manage what I
> > > want.
> > > 
> > > When I use:
> > > "route add -host $IP_NOT_IN_SUBNET -iface bce0"
> > > 
> > > I get "netstat -rn" to say something like:
> > > 
> > > Internet:
> > > Destination        Gateway               Flags     Netif Expire
> > > default            $UPSTREAM_GW          UGS        bce0
> > > 10.0.0.1           link#7                UHS         lo0
> > > $IP_NO_IN_SUBNET   $MAC_ADDRESS_OF_BCE0  UHS        bce0
> > > 
> > > 
> > > Which seems somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I
> > > get:
> > > 
> > > root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> > > PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> > > 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
> > > 
> > > Which doesn't seem appropriate at all wrt the routing table...
> > > 
> > > Did I use "route add" wrong?
> > > 
> > > Also I want to keep the setup simple, going through private IPs on the
> > > public VLAN of the datacenter might get me in trouble with them, and using
> > > other VLANs for that will be a pain.  
> > 
> > Can you provide a diagram of the network layout, and where the
> > configuration needs to go?  Because if it's just the opnsense box that
> > needs the IP addresses, adding them as an alias to bce is enough to
> > make it work.
> > 
> > If you're trying to do something else, like have boxes behind the
> > opnsense box have those IP addresses, then:
> > route add $IP_NO_IN_SUBNET $IP_OF_BOX_WITH_IP_NO_IN_SUBNET
> > 
> > would just work.
> > 
> > I just noticed the 10.0.0.1 IP on lo0, and that's a bit odd to have...
> > 
> > > On Wed, 9 Sep 2020 17:35:45 +0200
> > > kaycee gb <kisscoolandthegangbang@hotmail.fr> wrote:
> > >   
> > > > On Wed, 9 Sep 2020 16:42:54 +0200,
> > > > Abelenda Diego <diego.abelenda@gmail.com> wrote:
> > > >   
> > > > > Hello,
> > > > > 
> > > > > I've got a FreeBSD installation in a DataCenter that provided me with a
> > > > > single address IPv4 with an upstream gateway (cidr is fine the upstream
> > > > > gateway works everything is nice and running). I use this machine for
> > > > > Masquerading a private infrastructure.
> > > > > 
> > > > > Now I need other machines with public IPv4 and when I requested the
> > > > > additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> > > > > saying that my previous IPv4 MUST be configured as next-hop on their
> > > > > side. From my understanding in FreeBSD the route command is unable to
> > > > > perform this kind of configuration where you tell that the IPv4 /32 is
> > > > > available without next-hop (no via) on a specific link. I know the
> > > > > linux "ip route add $IP dev $LINK" configures this, but I cannot seem
> > > > > to map this knowledge to FreeBSD.
> > > > > 
> > > > > Is it possible to perform this very special setup with any command on
> > > > > FreeBSD? If yes what is that command?
> > > > > 
> > > > > Best regards,
> > > > > Diego Abelenda    
> > > > 
> > > > Hi,
> > > > 
> > > > Do the other machines have a private address ? Is it a problem if they
> > > > have one ? 
> > > > If it is possible, you can route via this private address on your FreeBSD
> > > > installation to the new one and assign a public/32 to the last.
> > > > 
> > > > Alternatively to doing routing like above, if you have a firewall enabled
> > > > on the first machine, you can do address forwarding between the first and
> > > > the new one. 
> > > > 
> > > > And last, maybe with something like -iface from "route" you can achieve
> > > > what you want.   


-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
