Date: Sun, 5 Feb 2017 19:44:20 +0100
From: Alarig Le Lay
To: freebsd-net@freebsd.org
Subject: Re: Avoid using RFC3927 outside of the link
Message-ID: <20170205184420.yv7vteskd7t7sd67@mew.swordarmor.fr>
In-Reply-To: <58589E28.9020900@grosbein.net>

On Tue Dec 20 09:57:44 2016, Eugene Grosbein wrote:
> 20.12.2016 4:01, Alarig Le Lay wrote:
> > On Tue Dec 20 02:34:29 2016, Eugene Grosbein wrote:
> > > Well, you can always use brute force instead:
> > >
> > > ipfw nat 169 config reset ip 89.234.186.1 && \
> > > ipfw add 60 nat 169 ip from 169.254.0.0/16 to any out xmit igb0
> > >
> > > That's ugly but works.
> >
> > It will work just by side effect: by doing this, I will send BGP packets
> > from 89.234.186.1, which is an IP that the peer learned by BGP. This will
> > create a recursive loop, and the session will be shut. So, no more
> > traffic will transit through this interface, and this IP will not be
> > displayed anymore :p
>
> You could also use another public IP as primary address for interface in question
> and an address from 169.254.0.0/16 as secondary one. BGP will still work and
> kernel/ICMP will use public IP.

Hi,

I tried this, but the box is still replying from 169.254.0.0/16:

alarig@scw-0eb563:~$ mtr -4bw kaiminus.swordarmor.fr
Start: Sun Feb  5 18:33:13 2017
HOST: scw-0eb563                                          Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.2.18.150                                        0.0%    10    0.4   0.4   0.3   0.5   0.0
  2.|-- ???                                               100.0    10    0.0   0.0   0.0   0.0   0.0
  3.|-- 10.1.96.0                                          0.0%    10    0.6   0.6   0.5   0.9   0.0
  4.|-- ???                                               100.0    10    0.0   0.0   0.0   0.0   0.0
  5.|-- 188-225-47-212.int.cloud.online.net (212.47.225.188)  0.0%    10    1.9   1.3   0.6   2.3   0.0
  6.|-- 195.154.1.38                                       0.0%    10    1.9   1.3   1.0   2.1   0.0
  7.|-- 195.154.1.193                                      0.0%    10    2.2   2.7   1.4   5.7   1.2
  8.|-- equinix-th2.quantic-telecom.net (195.42.144.192)   0.0%    10    1.6   1.8   1.2   2.8   0.3
  9.|-- 185.132.75.33                                      0.0%    10    8.2   8.4   7.8   9.4   0.3
 10.|-- 169.254.1.3                                        0.0%    10    8.4   8.6   7.9   9.4   0.0
 11.|-- kaiminus.swordarmor.fr (89.234.186.26)             0.0%    10    8.1   9.2   8.1   9.9   0.3

I did these commands:

birdc disable bgp_quantic
birdc6 disable bgp_quantic
ifconfig em0.21 down
ifconfig em0.21 destroy
ifconfig em0.21 create
ifconfig em0.21 description "transit quantic"
ifconfig em0.21 vlan 21 vlandev em0
ifconfig em0.21 inet 169.254.1.2/29
ifconfig em0.21 inet 89.234.186.7/32 alias
ifconfig em0.21 inet6 2a06:e040:3501:0101:0002::2/80
birdc enable bgp_quantic
birdc6 enable bgp_quantic

I also tried to put 89.234.186.7/32 as primary and 169.254.1.2/29 as alias.

Also, the routes are installed like this:

root@nominoe:~ # netstat -rn | grep 169.254.1.1 | head
1.0.129.0/24       169.254.1.1        UG1      em0.21
1.0.144.0/20       169.254.1.1        UG1      em0.21

So, am I right if I say that the box will always use 169.254.1.2 as
source address because the next hop is 169.254.1.1?

Thanks,
--
alarig
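
A check for the symptom shown in the mtr report above, added here as an example and not part of the original message: it parses mtr report lines and lists every hop that answers from the RFC 3927 block 169.254.0.0/16. The sample report is abridged from the one in the message; the function names are assumptions of this example.

```python
import ipaddress
import re

# RFC 3927 IPv4 link-local block; should not be seen as a hop off its link.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

# One hop line of `mtr -w` report output: "10.|-- host (ip)  0.0%  10 ..."
# The "(ip)" part is only present with -b when the hop has a hostname.
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)(?:\s+\(([^)]+)\))?\s+[\d.]+%?\s")

# Sample input: hops abridged from the report in the message above.
SAMPLE_REPORT = """\
HOST: scw-0eb563  Loss%  Snt  Last  Avg  Best  Wrst  StDev
  1.|-- 10.2.18.150  0.0%  10  0.4  0.4  0.3  0.5  0.0
  2.|-- ???  100.0  10  0.0  0.0  0.0  0.0  0.0
  8.|-- equinix-th2.quantic-telecom.net (195.42.144.192)  0.0%  10  1.6  1.8  1.2  2.8  0.3
  9.|-- 185.132.75.33  0.0%  10  8.2  8.4  7.8  9.4  0.3
 10.|-- 169.254.1.3  0.0%  10  8.4  8.6  7.9  9.4  0.0
 11.|-- kaiminus.swordarmor.fr (89.234.186.26)  0.0%  10  8.1  9.2  8.1  9.9  0.3
"""


def hops(report):
    """Yield (hop_number, address or None) for every hop line in the report."""
    for line in report.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header lines such as "Start:" and "HOST:"
        candidate = m.group(3) or m.group(2)
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            addr = None  # "???" (no reply) or a hostname without an address
        yield int(m.group(1)), addr


def link_local_hops(report):
    """Return [(hop_number, ip)] for hops answering from 169.254.0.0/16."""
    return [(n, str(a)) for n, a in hops(report) if a is not None and a in LINK_LOCAL]


if __name__ == "__main__":
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    leaks = link_local_hops(text)
    for n, ip in leaks:
        print(f"hop {n}: reply sourced from link-local address {ip}")
    sys.exit(1 if leaks else 0)
```

Piping the output of `mtr -4bw <host>` into the script after an interface change gives exit status 1 while any hop still answers from the link-local block.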