From owner-freebsd-net@FreeBSD.ORG Tue Sep 23 07:49:25 2008
Message-ID: <48D89F83.9020002@elischer.org>
Date: Tue, 23 Sep 2008 00:49:23 -0700
From: Julian Elischer
To: Igor R
Cc: freebsd-net@freebsd.org
Subject: Re: Multiple routing tables (setfib) trouble
List-Id: Networking and TCP/IP with FreeBSD

Igor R wrote:
> Hello!
>
> I'm using FreeBSD 7.0-STABLE (Jul 25) and I have two Internet
> connections. Both are ethernet based, but one requires PPTP (2) while
> another is direct with external IP address.
> Trouble is that provider (1) of connection with external address is
> limiting number of outgoing TCP connections (this was reason I got
> another provider).
> So now my setup is
> 1) On boot I have default route to provider (1)
> 2) After MPD (PPTP) is up I replace default route with route to provider (2)
> 3) I use "route-to" and "reply-to" in /etc/pf.rules to route incoming
> SSH and HTTP and outgoing HTTP via provider (1), also I use these
> rules to provide routing to internal network of this provider
> 4) All other traffic (BitTorrent :-) ) is going via provider (2) via
> ng0 (PPTP) interface
> All works fine, but ... Provider with PPTP is less reliable and when
> PPTP connection fails I have trouble connecting to my SSH server
> (because DNS stops working)
>
> So, after FreeBSD got multiple routing tables I tried this:
>
> 1) On boot I have default route to provider (1)
> 2) After MPD (PPTP) is up I do
> 2a) setfib 1 route add default PPTP_DEFAULT_GATEWAY
> 2b) setfib 1 /usr/local/etc/rc.d/tranmission restart
>
> And here are problems:
> 1) All outgoing traffic with fib==1 goes through provider (2) as
> expected, answers are received
> 2) BUT ... incoming traffic looks strange: answers are sent through
> default gateway with fib==0
>
> I made simple test:
>
> setfib 1 netcat -l 8000
> and then from outside:
> telnet my_ip 8000
> I see (with tcpdump) incoming packets on ng0 (PPTP) interface, but no
> answers.

Which address is the source address for the outgoing packets?
Is it possible the socket has been bound to the address of the other
interface?

Hmm, now THEORETICALLY you can figure out which packets have which
fib by using the 'fib' qualifier in ipfw..

i.e.
ipfw add 100 count log ip from any to any fib 1

to

> If I start tcpdump on other provider interface I see packets
> with answers. But if I try
> setfib 1 traceroute some_host
> then routing works via correct gateway
>
> So, is it possible to have bittorrent daemon with FIB=1 :-)?