From: Jason Dixon
To: freebsd-net@freebsd.org
Organization: DixonGroup Consulting
Date: 14 Nov 2003 01:02:40 -0500
Subject: Static route via address, not interface

Sorry if this is well-traveled territory, but I haven't found anything relevant in the lists, handbook or FAQ.

I have a setup on a network where 802.11b traffic from a group of wireless hosts is "reflected" off the internal interface of an OpenBSD firewall. In order to encrypt all wireless traffic, I enforce a series of host tunnels from the wireless clients into the gateway.
This requires that *all* LAN hosts "bounce" off the firewall in order to ensure proper routing both ways. For any traffic destined from one of these systems (say, my Linux laptop, for example) to another local host, packets traverse an IPsec tunnel, exit on enc0 of the firewall, and are NATted back into the wired segment (fxp1).

With Linux and Windows hosts, I'm able to add static routes to bind to the gateway IP address (192.168.0.1). Unfortunately, it appears that FreeBSD (4.9-RELEASE) ignores my intent, instead assuming(?) that I wish to assign the route to the interface, rather than the IP. The expected behavior is that traffic is routed locally, rather than across the gateway, breaking all TCP traffic.

Any ideas? Am I overlooking something simple? Here is the route command I've used and my routing table:

    route add -net 192.168.0.0 192.168.0.1 -netmask 255.255.255.0

    Destination        Gateway            Flags    Refs    Use  Netif  Expire
    default            192.168.0.1        UGSc        2      0  fxp0
    127.0.0.1          127.0.0.1          UH          1      0  lo0
    192.168.0          link#1             UC          3      0  fxp0
    192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3    808  fxp0   596
    192.168.0.42       00:05:5d:a6:df:e3  UHLW        1     63  fxp0   992
    192.168.0.53       127.0.0.1          UGHS        0      0  lo0

Thanks in advance,

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
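
Added example, not part of the original message: a Python script that runs a longest-prefix match over the routing table posted above and reports whether the selected route carries the G (gateway) flag, which shows which local destinations would skip the firewall and its IPsec tunnel. It assumes an abbreviated network entry such as "192.168.0" carries 8 mask bits per octet shown; the function names are this example's own.

```python
import ipaddress

# Routing table copied from the message above (FreeBSD 4.9 netstat -rn layout).
ROUTES = """\
default            192.168.0.1        UGSc  2   0  fxp0
127.0.0.1          127.0.0.1          UH    1   0  lo0
192.168.0          link#1             UC    3   0  fxp0
192.168.0.1        00:a0:cc:e2:7e:f4  UHLW  3 808  fxp0 596
192.168.0.42       00:05:5d:a6:df:e3  UHLW  1  63  fxp0 992
192.168.0.53       127.0.0.1          UGHS  0   0  lo0
"""

def parse_dest(dest, flags):
    """Turn a netstat destination column into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    if not plen:
        # Host routes (H) are /32. Assumption: an abbreviated net such as
        # "192.168.0" carries 8 mask bits per octet shown.
        plen = 32 if "H" in flags else 8 * len(addr.split("."))
    octets = (addr.split(".") + ["0"] * 3)[:4]
    return ipaddress.ip_network(f"{'.'.join(octets)}/{plen}")

def parse_table(text):
    """Parse each row into network, gateway column, flags and interface."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue  # skip headers or truncated rows
        routes.append({"net": parse_dest(f[0], f[2]), "gateway": f[1],
                       "flags": f[2], "netif": f[5]})
    return routes

def lookup(routes, dst):
    """Longest-prefix match; second value is True only for a gateway route."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r["net"]]
    best = max(hits, key=lambda r: r["net"].prefixlen)
    return best, "G" in best["flags"]

if __name__ == "__main__":
    table = parse_table(ROUTES)
    for dst in ("192.168.0.42", "192.168.0.77", "10.1.2.3"):
        r, via_gw = lookup(table, dst)
        how = "via gateway " + r["gateway"] if via_gw else "on-link, no gateway"
        print(dst, "->", r["net"], r["flags"], r["netif"], how)
```

For the posted table, both local destinations resolve to routes without the G flag (the cloned host route and the `link#1` network route), and only the off-subnet address goes through 192.168.0.1.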