From owner-freebsd-questions@freebsd.org Sun Feb 5 10:37:11 2017
Date: Sun, 05 Feb 2017 11:30:12 +0100
From: Robert Eckardt
To: freebsd-questions@freebsd.org
Subject: A simple routing question
Message-ID: <33a14dcd9e8e9897c49e045e1606bdb1@Robert-Eckardt.de>

Hi all,

currently I'm trying to solve a problem that, as I see from studying
the archives, pops up on and off again. Yet, I was unable to find a
solution.

The SITUATION:
A local network connects to the internet using two providers with
routers (AVM FritzBox) that do the IPv4-NATing and a server
(FreeBSD 11.0-RELEASE with RADIX_MPATH and ipfw) as part of the inner
firewall (see the illustration below).

                     Internet
                    /        \
                   /          \
     1.1.2.3--Provider1    Provider2--2.2.3.4
  ns.provider1.de |            | ns.provider2.de
                  |            |
   www.domain1.de                www.domain2.de
                  |            |
              1.1.1.123    2.2.2.234
               Router1      Router2
              10.0.0.1     10.0.0.2
                  |            |
                  +---+--------+
                      |
                  10.0.0.3
                   Server
                  10.10.0.1
                      |
                     LAN

The default routes of Server point to both routers and static routes
are defined e.g. for the respective name servers.

The PROBLEM:
Requests to domain1 are answered correctly, requests to domain2 try
their way via Router1 as ECMP routing does not take into account where
the connection originated from. However, packets of connections coming
in via Router2 must also be returned via Router2.
(I mainly care for TCP, but UDP would also be interesting.)

The QUESTION:
Is there a solution to this scenario in FreeBSD?

Please help me and other people seeking a solution to solve this
problem by describing a way to configure the server appropriately
or show that the problem cannot be solved in the given setting.

Regards,
Robert