Date: Sun, 29 Jun 2025 21:29:41 -0400 From: Mason Loring Bliss <mason@blisses.org> To: freebsd-net@freebsd.org Subject: rp_filter equivalent? Message-ID: <aGHohWgtKxaPgdeR@blisses.org>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hi all. I'm wondering what the equivalent to the Linux rp_filter is on FreeBSD. I'm asking because I've got a set-up on a hosting provider where I have a floating IP address that's not related to the main IP address of my system. Which is to say, my system is a.b.c.10 and routes through a.b.c.1, and I've got a floating IP that's x.y.z.50. Traffic from that x.y.z.50 address is supposed to route through a.b.c.1. I've got a vnet jail that's set up to use that x.y.z.50 address, and I've assigned x.y.z.50 to epair0b in the jail, but I ran into a problem. I couldn't tell that jail to use a.b.c.1 as its default gateway and that that was out through epair0a without assigning an a.b.c address to epair0a, even though I don't actually have a spare assigned to me. I believe I can just tell Linux to ram packets out an arbitrary interface if I turn off rp_filtering via a syscall, but I'm not sure how to cleanly do this with FreeBSD, hence my resorting to pilfering an IP address. I'll never receive traffic intended for this pilfered address and there's no risk of it causing confusion, but it doesn't feel like a clean answer. So, there's my question: is there some way I can have my vnet jail send packets out an interface that the system believes is unrelated to the IP address assigned to that interface? Thanks! -- (defun main () (format t "Mason Loring Bliss - mason@blisses.org - ") (format t "By the mysgydynge of the sterysman, he was set vpon the pylys") (format t " of the brydge, and the barge whelmyd. - Chronicle of Fabyan~%")) [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEEXtBZz1axB5rEDCEnrJXcHbvJVUFAmhh6IMACgkQnrJXcHbv JVX8UQ//eombue+zBWLl+43q+3gZqB02FDFVzun7geE514hHqG71PA6qk6xLia5G E3Jv3HJHw8U/8DDAATnH+snEL8QzOou4GZIalmhntAcFrYuXCmuOxlDsr1VU/ZGA CJoEXPag6Bqc3g9OqLY0+SzidHOxU1PZmVFhOOW7bfV0RyMz2ujA+JDRXS9yx4GG +71wX6MthcMwboNl/p5yjT1cbQT3n5l1UdxYCywGgl/gXcqkWWOhGm0BcRvdXzt8 C8pxW9PnNW78X48pWO3Fy74n+GY8JiPEZLF+4HtygUDOYvcwp3KcGkv0nK2e9HSr U/xD0ppGKWveoqUY06wns94fLybQLDYMaEwlhuW0PUFpPyWIR1UGf2EMskQ70evO 7vUC8Ey4Y2TVmy/tZ7SQcOml9qlPjBoP+yG9s/0biahBt50Kbi3DUZEHzmIFj0pC DLsTnndFl1k/O78aA3UV3WIM0yjdF3c5z2Y+i936iYSlusUrTRJ5LZW0Z2nNw5Qb QG4m0lkSEmwEJdWqLGRV7wmiUJodtXB/KIqt8Ho8ic2e5P/e6Tv43h4LiqYcNqfE HRV0Gf/ZH0U9PYYez1+mTfdFuT/1shQo2hYav9DHevX8MOGxWG5QhaAdHrYqP/1M 7UtuXMr01IYEgC1VnQgInw81+lzIyGJnGsPjZij3InyBgxLUDtk= =5XYX -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aGHohWgtKxaPgdeR>