From owner-freebsd-questions Fri Apr 26 4:50:29 2002 Delivered-To: freebsd-questions@freebsd.org Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141]) by hub.freebsd.org (Postfix) with ESMTP id 7CEBD37B417 for ; Fri, 26 Apr 2002 04:50:23 -0700 (PDT) Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141]) by topaz.mdcc.cx (Postfix) with ESMTP id 436072B83B; Fri, 26 Apr 2002 13:50:15 +0200 (CEST) Received: by k7.mavetju.org (Postfix, from userid 1001) id 11477229; Fri, 26 Apr 2002 21:49:48 +1000 (EST) Date: Fri, 26 Apr 2002 21:49:48 +1000 From: Edwin Groothuis To: Ruben de Groot Cc: freebsd-questions@freebsd.org Subject: Re: Routing problem 2nd public IP (using pptp) Message-ID: <20020426214948.A56548@k7.mavetju.org> Mail-Followup-To: Edwin Groothuis , Ruben de Groot , freebsd-questions@freebsd.org References: <20020426125228.A15075@ei.bzerk.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020426125228.A15075@ei.bzerk.org>; from fbsd-q@bzerk.org on Fri, Apr 26, 2002 at 12:52:28PM +0200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Apr 26, 2002 at 12:52:28PM +0200, Ruben de Groot wrote: > tun0: flags=8051 mtu 1500 > inet 213.84.67.7 --> 195.190.240.223 netmask 0xffffff00 > Opened by PID 575 > tun1: flags=8051 mtu 1500 > inet 213.84.67.8 --> 195.190.240.223 netmask 0xffffff00 > Opened by PID 582 > > Looks ok, but I can only connect to the first (tun0) interface. > While pinging from another machine I let tcpdump listen on tun1: > > tcpdump: listening on tun1 > 12:21:49.427878 130.161.221.138 > 213.84.67.8: icmp: echo request (DF) > 12:21:50.422595 130.161.221.138 > 213.84.67.8: icmp: echo request (DF) > 12:21:51.422480 130.161.221.138 > 213.84.67.8: icmp: echo request (DF) > > So, packets coming in, but not going out. Meanwhile, on a terminal not > far away: > > tcpdump: listening on tun0 > 12:25:14.433293 213.84.67.8 > 130.161.221.138: icmp: echo reply (DF) > 12:25:15.430252 213.84.67.8 > 130.161.221.138: icmp: echo reply (DF) > 12:25:16.429940 213.84.67.8 > 130.161.221.138: icmp: echo reply (DF) > > So the echo-replies are leaving through interface tun0, with the IP > address of interface tun1. No wonder they never make it back. > > How can I make sure that packets will use the right interface? I believe > this is a routing problem, so here's > > mug# netstat -rn > Routing tables > > Internet: > Destination Gateway Flags Refs Use Netif Expire > default 195.190.240.223 UGSc 2 1185 tun0 > 127.0.0.1 127.0.0.1 UH 0 4 lo0 > 195.190.240.223 213.84.67.7 UH 3 0 tun0 You have to specify which hosts/networks you want to reach via tun0 and which ones via tun1. So if you want to send all traffic for 10.0.0.0/8 via tun1 and the rest via tun0: route add -net 10.0.0.0 255.0.0.0 -interface tun1 route add default -interface tun0 On the other hand, if you want to do load-balancing, use netgraph(4)(*) and ng_one2many(4)(8). Edwin (*) on which ones I have no experience, unfortunatly. -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: bash$ :(){ :|:&};: | http://www.FatalDimensions.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message