Date: Thu, 10 Sep 2020 18:54:00 +0200
From: Abelenda Diego
To: kaycee gb
Cc: freebsd-net@freebsd.org
Subject: Re: IP "routing" issue
Message-ID: <20200910185400.593a8ce2@debian>

Hello,

Thank you for pointing out route "-iface"; however, I can't seem to manage what
I want.

When I use:
"route add -host $IP_NOT_IN_SUBNET -iface bce0"

I get "netstat -rn" to say something like:

Internet:
Destination          Gateway                Flags     Netif Expire
default              $UPSTREAM_GW           UGS        bce0
10.0.0.1             link#7                 UHS         lo0
$IP_NO_IN_SUBNET     $MAC_ADDRESS_OF_BCE0   UHS        bce0

Which seems somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I get:

root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).

Which doesn't seem appropriate at all wrt the routing table... Did I use
"route add" wrong?

Also, I want to keep the setup simple; going through private IPs on the public
VLAN of the datacenter might get me in trouble with them, and using other
VLANs for that will be a pain.

Best regards,
Diego Abelenda

On Wed, 9 Sep 2020 17:35:45 +0200
kaycee gb wrote:

> On Wed, 9 Sep 2020 16:42:54 +0200,
> Abelenda Diego wrote:
>
> > Hello,
> >
> > I've got a FreeBSD installation in a DataCenter that provided me with a
> > single address IPv4 with an upstream gateway (cidr is fine the upstream
> > gateway works everything is nice and running). I use this machine for
> > Masquerading a private infrastructure.
> >
> > Now I need other machines with public IPv4 and when I requested the
> > additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> > saying that my previous IPv4 MUST be configured as next-hop on their side.
> > From my understanding in FreeBSD the route command is unable to perform
> > this kind of configuration where you tell that the IPv4 /32 is available
> > without next-hop (no via) on a specific link. I know the Linux
> > "ip route add $IP dev $LINK" configures this, but I cannot seem to map
> > this knowledge to FreeBSD.
> >
> > Is it possible to perform this very special setup with any command on
> > FreeBSD? If yes what is that command?
> >
> > Best regards,
> > Diego Abelenda
>
> Hi,
>
> Do the other machines have a private address? Is it a problem if they have
> one?
> If it is possible, you can route via this private address on your FreeBSD
> installation to the new one and assign a public/32 to the last.
>
> Alternatively to doing routing like above, if you have a firewall enabled on
> the first machine, you can do address forwarding between the first and the
> new one.
>
> And last, maybe with something like -iface from "route" you can achieve what
> you want.
>
> K.