Date: 14 Nov 2003 01:02:40 -0500
From: Jason Dixon <jason@dixongroup.net>
To: freebsd-net@freebsd.org
Subject: Static route via address, not interface
Message-ID: <1068789760.2775.18.camel@lappy.fuzzypenguin.net>

Sorry if this is well-traveled territory, but I haven't found anything relevant in the lists, handbook or FAQ.

I have a setup on a network where 802.11b traffic from a group of wireless hosts is "reflected" off the internal interface of an OpenBSD firewall. In order to encrypt all wireless traffic, I enforce a series of host tunnels from the wireless clients into the gateway. This requires that *all* LAN hosts "bounce" off the firewall in order to ensure proper routing both ways.

For any traffic destined from one of these systems (say, my Linux laptop, for example) to another local host, packets traverse an IPsec tunnel, exit on enc0 of the firewall, and are NATted back into the wired segment (fxp1). With Linux and Windows hosts, I'm able to add static routes to bind to the gateway IP address (192.168.0.1). Unfortunately, it appears that FreeBSD (4.9-RELEASE) ignores my intent, instead assuming(?) that I wish to assign the route to the interface, rather than the IP. The expected behavior is that traffic is routed locally, rather than across the gateway, breaking all TCP traffic.

Any ideas? Am I overlooking something simple? Here is the route command I've used and my routing table:

    route add -net 192.168.0.0 192.168.0.1 -netmask 255.255.255.0

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            192.168.0.1        UGSc        2        0   fxp0
    127.0.0.1          127.0.0.1          UH          1        0    lo0
    192.168.0          link#1             UC          3        0   fxp0
    192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3      808   fxp0    596
    192.168.0.42       00:05:5d:a6:df:e3  UHLW        1       63   fxp0    992
    192.168.0.53       127.0.0.1          UGHS        0        0    lo0

Thanks in advance,

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
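
A check of the routing table quoted in the message above, added here as an example and not part of the original e-mail: it parses netstat -rn style output and reports, by longest-prefix match, whether traffic to a destination is handed to the gateway or sent on-link. The function names are hypothetical, and expanding the abbreviated destination 192.168.0 to 192.168.0.0/24 is an assumption about how this netstat prints networks.

```python
import ipaddress

# Constructed sample: the netstat -rn table quoted in the message above.
SAMPLE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        2        0   fxp0
127.0.0.1          127.0.0.1          UH          1        0    lo0
192.168.0          link#1             UC          3        0   fxp0
192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3      808   fxp0    596
192.168.0.42       00:05:5d:a6:df:e3  UHLW        1       63   fxp0    992
192.168.0.53       127.0.0.1          UGHS        0        0    lo0
"""

def to_network(dest, flags):
    """Turn a Destination column value into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in dest:                       # already in CIDR form
        return ipaddress.ip_network(dest, strict=False)
    if "H" in flags:                      # H flag: host route
        return ipaddress.ip_network(dest + "/32")
    octets = dest.split(".")              # assumption: abbreviated network
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse_routes(text):
    """Parse table rows into dicts, skipping the header and short lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] == "Destination":
            continue
        routes.append({"net": to_network(f[0], f[2]), "gateway": f[1],
                       "flags": f[2], "netif": f[5]})
    return routes

def next_hop(routes, dst):
    """Longest-prefix match; 'on-link' when the route lacks the G flag."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r["net"]),
               key=lambda r: r["net"].prefixlen)
    return best["gateway"] if "G" in best["flags"] else "on-link"

def bypasses_gateway(routes, dst, gateway):
    """True when traffic to dst would not be handed to the given gateway."""
    return next_hop(routes, dst) != gateway
```

Run against the quoted table, a LAN address such as 192.168.0.99 resolves through the cloned 192.168.0 route on link#1 and is reported as bypassing 192.168.0.1, while an off-subnet address follows the default route to the gateway.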