Date: Thu, 30 Jan 2003 10:57:16 +0200
From: Ruslan Ermilov <ru@freebsd.org>
To: Dave Cornejo <dave@dogwood.com>
Cc: net@freebsd.org
Subject: Re: unique routing problem
Message-ID: <20030130085716.GC22684@sunbay.com>
In-Reply-To: <200301292207.h0TM7XPL094933@white.dogwood.com>
References: <200301292207.h0TM7XPL094933@white.dogwood.com>
On Wed, Jan 29, 2003 at 02:07:32PM -0800, Dave Cornejo wrote:
> Hi,
>
> I've got a unique routing problem:
>
> local network is 192.168.1.0/24
>
>     192.168.1.4
>          |
>          |
>     192.168.1.1 -- ethernet -- 192.168.1.2 / global IP addr -- internet
>          |
>          |
>     192.168.1.3
>
> now, the rules:
>
> 1) .1 may directly exchange packets with .4 and .2 only, it may not
>    exchange packets with .3 directly.
>
> 2) .2 may directly exchange packets with any host
>
> 3) .2 acts as the gateway to the internet
>
> the problem is that I need to be able to set up the routing tables so
> that if .1 needs to connect to .3 that it goes through .2.  If it
> needs to connect to .4 or .2 it can do that directly.  To make things
> even more fun, any number of hosts may join or leave the network at
> any point and the lists of which hosts have direct connectivity is
> dynamic.  But I think that if I can solve the above problem that I'll
> have what I need to solve the rest of it.
>
I'd love to say that this is easy, but it's not, though possible.

Let's assume that 192.168.1 is 192.168.4 (I have that network), and .1
is .115 and .2 is .65.  So, we now have the picture like this:

>     192.168.4.4
>          |
>          |
>     192.168.4.115 -- ethernet -- 192.168.4.65 / global IP addr -- internet
>          |
>          |
>     192.168.4.3

Then, on .115, the initial config is as follows:

: allmouth# ifconfig -a inet
: rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
:         inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
:         inet 127.0.0.1 netmask 0xff000000
: allmouth# netstat -arn -finet
: Routing tables
:
: Internet:
: Destination        Gateway            Flags    Refs      Use  Netif Expire
: default            192.168.4.65       UGSc        2       88    rl0
: 127.0.0.1          127.0.0.1          UH          1     6956    lo0
: 192.168.4          link#1             UC          1        0    rl0
: 192.168.4.65       00:d0:b7:16:9c:c6  UHLW        1       22    rl0   1187

The idea is to set up the static ARP entries for only 4.65 and probably
some more, like 192.168.1.4 in your case, and have the rest serviced
through the "default".  Let's try:

: allmouth# route delete -net 192.168.4
: delete net 192.168.4
: allmouth# netstat -arn -finet
: Routing tables
:
: Internet:
: Destination        Gateway            Flags    Refs      Use  Netif Expire
: default            192.168.4.65       UGSc        2       88    rl0
: 127.0.0.1          127.0.0.1          UH          1     6956    lo0
: allmouth# arp -s 192.168.4.65 00:d0:b7:16:9c:c6
: cannot intuit interface index and type for 192.168.4.65

Bah!  This is the known and purposely made limitation in arp(8).
Fortunately, we have the power of route(8), but it's a bit tricky:

: allmouth# route add -host 192.168.4.65 -link rl0:00:d0:b7:16:9c:c6 -iface
: add host 192.168.4.65: gateway rl0:00:d0:b7:16:9c:c6
: allmouth# netstat -arn
: Routing tables
:
: Internet:
: Destination        Gateway            Flags    Refs      Use  Netif Expire
: default            192.168.4.65       UGSc        4      600    rl0
: 127.0.0.1          127.0.0.1          UH          1     6956    lo0
: 192.168.4.65       00:d0:b7:16:9c:c6  UHLS        0        0    rl0

The key here is -iface which marks this route as "direct".  Now you can
ping 192.168.4.65.  Everything else will be accessed through
192.168.4.65.  If you later say ping 192.168.4.111, you'll see:

: allmouth# traceroute -q1 -n 192.168.4.111
: traceroute to 192.168.4.111 (192.168.4.111), 64 hops max, 44 byte packets
:  1  192.168.4.65  0.304 ms
:  2  192.168.4.111  0.314 ms
: allmouth# netstat -arn
: Routing tables
:
: Internet:
: Destination        Gateway            Flags    Refs      Use  Netif Expire
: default            192.168.4.65       UGSc        5     1384    rl0
: 127.0.0.1          127.0.0.1          UH          1     6956    lo0
: 192.168.4.65       00:d0:b7:16:9c:c6  UHLS        2        4    rl0
: 192.168.4.111      192.168.4.65       UGHW        0        0    rl0
: 192.168.4.255      192.168.4.65       UGHW3b      0        1    rl0   3419

You will probably also want to set net.inet.ip.redirect=0 on
192.168.4.65, as is the case here, in my situation, but here it is used
to overcome some routing issues with IPSec; that's a different story.

But notice that the reply packets from 192.168.4.111 to 192.168.4.115
will go directly.  To overcome this, the next magic should be done:

On 192.168.4.115, you configure the interface (rl0 here) with -noarp
(ifconfig rl0 -noarp).  You set up the ARP proxy entry for
192.168.4.115 on 192.168.4.65, and add the static ARP entry on
192.168.4.65 for 192.168.4.115 (in this case, this can be done with
plain arp(8)).

Hope this helps!

> BTW, If anyone that can answer this needs a job or contract please let
> me know...
>
I do.

P.S.  That was a really entertaining question, thank you!  :-)

Cheers,
--
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
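An added check, not part of the thread above, that audits a "netstat -rn" dump against the policy Ruslan sets up: on the .115 host only the allow-listed peers may have direct (no "G" flag) routes, and a cloning net route for the whole subnet is reported because it makes every peer directly reachable. The two sample tables are the rows quoted in the message; the constant and function names are mine.

```python
import ipaddress

# Routing tables as quoted in the message above (FreeBSD "netstat -arn -finet"
# output, table rows only); the constant names are mine.
BEFORE = """\
default            192.168.4.65       UGSc        2       88    rl0
127.0.0.1          127.0.0.1          UH          1     6956    lo0
192.168.4          link#1             UC          1        0    rl0
192.168.4.65       00:d0:b7:16:9c:c6  UHLW        1       22    rl0   1187
"""
AFTER = """\
default            192.168.4.65       UGSc        5     1384    rl0
127.0.0.1          127.0.0.1          UH          1     6956    lo0
192.168.4.65       00:d0:b7:16:9c:c6  UHLS        2        4    rl0
192.168.4.111      192.168.4.65       UGHW        0        0    rl0
192.168.4.255      192.168.4.65       UGHW3b      0        1    rl0   3419
"""

def parse_routes(text):
    """Yield (destination, gateway, flags) for each table row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] != "Destination":
            yield parts[0], parts[1], parts[2]

def dest_network(dest):
    """netstat prints classful nets abbreviated: '192.168.4' is 192.168.4.0/24."""
    if "/" in dest:
        return ipaddress.ip_network(dest, strict=False)
    octets = dest.split(".")
    prefix = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/%d" % prefix, strict=False)

def direct_violations(netstat_text, subnet, allowed):
    """Return routes that deliver to a peer on 'subnet' directly on the link
    (no 'G' flag) although that peer is not in 'allowed'.  A net route for
    the subnet (the 'UC' cloning route) is reported too: it makes every
    peer reachable directly, bypassing the gateway."""
    subnet = ipaddress.ip_network(subnet)
    bad = []
    for dest, _gw, flags in parse_routes(netstat_text):
        if dest == "default" or "G" in flags or dest.startswith("127."):
            continue                      # via a gateway, or loopback
        try:
            net = dest_network(dest)
        except ValueError:
            continue                      # not an IPv4 destination
        if not net.overlaps(subnet):
            continue
        if net.num_addresses > 1:
            bad.append((dest, "net route: every peer on the link is reachable directly"))
        elif str(net.network_address) not in allowed:
            bad.append((dest, "direct host route to a peer that should go via the gateway"))
    return bad
```

Feed it the live output of "netstat -rn -finet" on the restricted host to confirm the net route really was deleted and that only the -iface host routes remain.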