From: Andy Gilligan
To: Juan Rodriguez Hervella
Cc: net@freebsd.org
Date: Mon, 28 Jul 2003 12:48:06 +0100
Subject: Re: Next-hop based on source address (IPv6) [solved]
List-Id: Networking and TCP/IP with FreeBSD

On Mon, Jul 28, 2003 at 10:03:53AM BST, Juan Rodriguez Hervella wrote:
> On Monday 28 July 2003 07:17, Andy Gilligan wrote:
> > Hi,
> >
> > I have three IPv6 /48 networks connected to a FreeBSD 4.8 router, and I
> > allocate /64 tunnels from each network to client machines.
> >
> > Is there any way I can specify the next-hop or outbound interface to use
> > on the router based on the source address of the client?
> >
> > I initially thought of 'ipfw fwd', but ip6fw doesn't seem to have this
> > ability.
> >
> > Any thoughts?
> >
>
> Hello Andy:
>
> I wanted to do something similar and when I realized that ip6fw didn't have
> such an option, I asked for it on the Kame mailing list, but they answered me
> that they didn't see it as a feature demanded by the community so they
> didn't have any plan to implement it in the short term.
> (Anyway I think it shouldn't be hard to add such a feature,
> but I'm a bit lazy :)
>
> You can ask for it on Kame mailing-list again (because I asked for it a long
> time ago and it may have been already implemented, I don't know). Also I
> think that there are implementations of something called "source base
> routing", but I don't have experience with that.

Well, I got it working eventually, after a bit of tinkering with ipf...

I must admit, I completely forgot about ipf's 'fastroute' abilities,
especially with regard to IPv6 :)

--- Summary ---

Three tunnels: (fictional ip addrs)

  gif0 : 2001:111:111::/48 : gw=2001:1000::1
  gif1 : 2001:222:222::/48 : gw=2001:2000::1
  gif2 : 2001:333:333::/48 : gw=2001:3000::1

The default route is via gif0 (fe80::%gif0)

My ipf6.rules:

  pass in on gif0 to gif1:2001:2000::1 from 2001:222:222::/48 to any
  pass in on gif0 to gif2:2001:3000::1 from 2001:333:333::/48 to any

So far, I haven't noticed any WeirdStuff(tm) happening, so things look
promising - all packets leave via the right interface :)

Comments welcome if this looks like it may cause problems :)

Best regards,
-Andy
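
An offline check of the rule set in the message above, as an added example that is not part of the original post or of ipf itself: it parses only the 'pass in on IF to IF:GW from SRC to any' form shown there and models ipf's last-match-wins evaluation for rules without 'quick'. The function names are hypothetical; the addresses are the author's fictional ones.

```python
import ipaddress
import re

# Rules and default route copied from the message (fictional addresses).
RULES = """\
pass in on gif0 to gif1:2001:2000::1 from 2001:222:222::/48 to any
pass in on gif0 to gif2:2001:3000::1 from 2001:333:333::/48 to any
"""
DEFAULT = ("gif0", "fe80::%gif0")

RULE_RE = re.compile(
    r"^pass in on (?P<in_if>\S+) to (?P<out_if>[^:\s]+):(?P<gw>\S+) "
    r"from (?P<src>\S+) to any$"
)

def parse_rules(text):
    """Parse the single rule form used in the message; reject anything else."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"line {n}: unsupported rule: {line!r}")
        # IPv6Network() raises if host bits are set, catching mistyped prefixes.
        rules.append((m["in_if"], m["out_if"],
                      ipaddress.IPv6Address(m["gw"]),
                      ipaddress.IPv6Network(m["src"])))
    return rules

def next_hop(rules, in_if, src):
    """Return (out_if, gateway); with no 'quick', the last matching rule wins."""
    src = ipaddress.IPv6Address(src)
    choice = DEFAULT  # no rule matched: packet follows the default route
    for r_in, out_if, gw, net in rules:
        if r_in == in_if and src in net:
            choice = (out_if, str(gw))
    return choice

def overlaps(rules):
    """List pairs of source prefixes that overlap, where rule order decides the exit."""
    return [(str(a[3]), str(b[3])) for i, a in enumerate(rules)
            for b in rules[i + 1:] if a[3].overlaps(b[3])]

if __name__ == "__main__":
    parsed = parse_rules(RULES)
    for s in ("2001:111:111::1", "2001:222:222:1::5", "2001:333:333::9"):
        print(s, "->", next_hop(parsed, "gif0", s))
    print("overlapping prefixes:", overlaps(parsed))
```

An empty overlap list means each source prefix has exactly one possible exit, so reordering the rules cannot change where a packet leaves.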