Date: Fri, 10 May 2002 13:54:48 +0200
From: Daniel Lang
To: Nick Rogness
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Multiple NICs on the same subnet

Hi all,

I guess I've found a solution. I'll post it here:

Nick Rogness wrote on Thu, May 09, 2002 at 05:28:13PM -0500:
[..]
> The best way to handle this is with ipfw fwd. Basically you
> forward packets trying to leave the default gateway with the
> aliased address of a different interface out the right interface.
>
> For example:
>
> xl0 --> alias= 1.1.1.1/32 , (default gateway out this interface)
> xl1 --> alias= 1.1.1.2/32
> lge0 --> alias= 1.1.1.3/32
>
> ipfw ruleset:
>
> # Forward packets properly
> ipfw fwd $IP_OF_NEXT_HOP_xl1 ip from 1.1.1.2/32 to any out via xl0
> ipfw fwd $IP_OF_NEXT_HOP_lge0 ip from 1.1.1.3/32 to any out via xl0
> . . . [rest of firewall] . . .
[..]

This did not work, because you cannot specify in the rule which
interface to use for the forwarded packet. This is determined by
the routing table, as described in ipfw(8). As the $IP_OF_NEXT_HOP_lge0
would be the same for $IP_OF_NEXT_HOP_xl0.

So I've used ipfilter instead of ipfw with the following rule:

[..]
pass out on xl0 fastroute lge0 from 1.1.1.3 to any
[..]

This matches any packet from 1.1.1.3 which attempts to leave via xl0
but is then stuffed into the outgoing queue of lge0.

Again, thanks for your help.

Best regards,
 Daniel
--
IRCnet: Mr-Spock - All your .sigs are belong to us -
Daniel Lang * dl@leo.org * +49 89 289 25735 * http://www.leo.org/~dl/