Date: Fri, 11 Sep 2020 00:20:20 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Abelenda Diego <diego.abelenda@gmail.com>, kaycee gb <kisscoolandthegangbang@hotmail.fr> Cc: freebsd-net@freebsd.org Subject: Re: IP "routing" issue Message-ID: <a1b38a3f-0948-50e6-04fd-7d8207d16917@grosbein.net> In-Reply-To: <20200910185400.593a8ce2@debian> References: <20200909164254.5e7e3891@debian> <VE1PR03MB5629FC5FAB3212A0987F7F4CA0260@VE1PR03MB5629.eurprd03.prod.outlook.com> <20200910185400.593a8ce2@debian>
next in thread | previous in thread | raw e-mail | index | archive | help
10.09.2020 23:54, Abelenda Diego wrote: > Thank you for pointing route "-iface" however I can't seem to manage what I > want. > > When I use: > "route add -host $IP_NOT_IN_SUBNET -iface bce0" > > I get "netstat -rn" to say someting like: > > Internet: > Destination Gateway Flags Netif Expire > default $UPSTREAM_GW UGS bce0 > 10.0.0.1 link#7 UHS lo0 > $IP_NO_IN_SUBNET $MAC_ADDRESS_OF_BCE0 UHS bce0 > > > Which seem somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I get: > > root@opnsense2:~ # ping $IP_NOT_IN_SUBNET > PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes > 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0). > > Which doesn't seem appropriate at all wrt the routing table... Such route means that an attempt to send any packet to the IP in question results in broadcast ARP query for destination IP sent out of bce0. It seems your upstream has arp proxy enabled, so it sends ARP reply with its MAC address making your host send IP packet to $UPSTREAM_GW, but its routing table points back to your $PUBLIC_IP_OF_BCE0, hence redirection is generated. You should not use "-iface bce0" but right interface name pointing to host having target IP address. And if your own host has it, you do not need to add any route at all, but assign additional IP as alias to bce0.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a1b38a3f-0948-50e6-04fd-7d8207d16917>