From: True Entropy
To: freebsd-questions@freebsd.org
Date: Mon, 28 Jul 2008 15:53:11 -0700 (PDT)
Subject: source routing across routing problems
Message-ID: <135815.9131.qm@web65411.mail.ac4.yahoo.com>

This may have nothing to do with FreeBSD, but maybe someone will have a suggestion:

We have servers A, B and C connected to three different ISPs on 3 continents.
As of a few days ago A and C cannot talk to each other (the routing problem is upstream of all end-point ISPs so who knows when it will be solved.) B can talk to both A and C.

The 'obvious' idea is to use B as relay and source-route traffic between A and C to go via B. However, no amount of static routing, firewall allow-ing, sysctl-ing would do the trick. The packet would never even leave from A or C for the other side.

Is there some other barrier to the source routing that has not been taken care of?

I know that this can be taken care of with ssh tunnelling for each specific application/protocol, but the networks are more complex than abstracted here.

In short, this was attempted:

A:
    route add C B
    sysctl net.inet.ip.sourceroute=1
    sysctl net.inet.ip.accept_sourceroute=1

B:
    rc.conf: gateway_enable="YES"
    sysctl net.inet.ip.sourceroute=1
    sysctl net.inet.ip.accept_sourceroute=1
    ipfw add pass ip from A to B
    ipfw add pass ip from B to A

C:
    route add A B
    sysctl net.inet.ip.sourceroute=1
    sysctl net.inet.ip.accept_sourceroute=1

. end .

(spam starts here)