From: Julian Elischer
Date: Thu, 15 Nov 2007 22:18:38 -0800
To: Brian Hawk
Cc: freebsd-net@freebsd.org, Dima Dorfman
Subject: Re: Interface address sourced packets go thru default gateway on another interface
Message-ID: <473D363E.20305@elischer.org>
In-Reply-To: <473D3258.9040203@tnetus.com>

Brian Hawk wrote:
> Dima Dorfman wrote:
>> I don't think it ever worked the way you described. The source IP
>> address doesn't usually affect how replies will be routed on the way
>> out.
>>
> Then what would be the reason to bind a connection to a specific source
> address? We do
>     ping -S A.B.C.D x.y.z.t
> to make ping send packets to x.y.z.t over A.B.C.D's interface (and
> source address) or
>     telnet -s A.B.C.D x.y.z.t

No, binding does not affect the interface the packet goes out.
It affects the address that return packets will be sent to, but that's
about all.

>
> I believe binding an IP's source address to an interface address
> (instead of INADDR_ANY) is to make packets go out from *that* interface,
> not the default gw.
>> You can fix this with policy routing rules. Here's an example with PF:
>>
>> : pass out quick route-to ($other_if $other_gw) from ($other_if)
>>
>>
> I really am an ipfilter fan. It's great that pf supports this. But I
> think ipfilter doesn't yet. At least not the version I'm using (v3.4.35).

ipfw can do it with

    fwd {next hop} ip from ${other_if} to ${where-ever}

you can even do

    fwd tablearg ip from ${src} to table(x)

to implement a second routing table for packets from ${src}

>
> -Brian
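
The two ipfw forms from the reply above, written out as a shell script. This is an added example, not part of the original message. The addresses, rule numbers and table number are constructed, the `to not` exclusion of the connected subnet is an addition to the form given in the message, and by default the script only prints the ipfw commands.

```sh
#!/bin/sh
# Added example: source-based next-hop selection with ipfw "fwd".
# Addresses (RFC 5737), rule numbers and the table number are constructed.
# On FreeBSD releases from the time of this thread, fwd needs a kernel
# built with "options IPFIREWALL_FORWARD".

# Dry run by default: commands are printed. Set IPFW=/sbin/ipfw to apply.
IPFW="${IPFW:-echo ipfw}"

# Send everything sourced from SRC_ADDR to NEXT_HOP, except traffic to the
# directly connected subnet, which should not be bounced off the gateway.
fwd_by_source() {   # fwd_by_source RULENUM SRC_ADDR CONNECTED_NET NEXT_HOP
    $IPFW add "$1" fwd "$4" ip from "$2" to not "$3"
}

# "Second routing table": each PREFIX=NEXTHOP pair becomes a table entry
# whose value is the next hop; one rule then forwards packets from SRC_ADDR
# to the value (tablearg) of the entry their destination matched.
fwd_by_table() {    # fwd_by_table RULENUM TABLE SRC_ADDR PREFIX=NEXTHOP...
    rulenum=$1; table=$2; src=$3
    shift 3
    for entry in "$@"; do
        $IPFW table "$table" add "${entry%%=*}" "${entry#*=}"
    done
    $IPFW add "$rulenum" fwd tablearg ip from "$src" to "table($table)"
}

# Constructed host: second interface has 192.0.2.10/24, gateway 192.0.2.1.
# The table rule gets the lower number so its specific routes win.
fwd_by_table 900 1 192.0.2.10 \
    198.51.100.0/24=192.0.2.2 \
    203.0.113.0/24=192.0.2.3
fwd_by_source 1000 192.0.2.10 192.0.2.0/24 192.0.2.1
```

Once applied, `ipfw show` lists each rule with its packet counters, which confirms whether traffic from the bound source address is actually matching the fwd rules.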