From: Andre Oppermann <oppermann@pipeline.ch>
Date: Fri, 29 Nov 2002 13:41:22 +0100
To: Helge Oldach
Cc: freebsd-net@freebsd.org
Subject: Re: Multihoming - implementing RFC 1122
Message-ID: <3DE76072.DC64205E@pipeline.ch>
References: <200211282148.gASLmpas025733@sep.oldach.net>

Helge Oldach wrote:
>
> All,
>
> I wonder whether there are plans to complete implementation of the
> "strong ES" model as described in RFC 1122 for multihoming hosts on
> FreeBSD. Essentially this would assure that a multihomed host would
> send and receive IP packets through the "correct" interface (that is,
> the physical interface that is configured with the IP address used in
> the packets).
>
> Currently the incoming part is already present through the
> net.inet.ip.check_interface sysctl. If enabled, this would drop packets
> which arrive on an interface with a different IP address than the one of
> the interface.
>
> But what about the sending side? This appears to be missing. We would
> need to forward packets not according to the routing table, but
> according to the source address of the packet (if already defined,
> otherwise it would be defined through the routing table first).

This is also called policy routing.

> Is anybody aware of this issue? I personally consider this as beneficial
> for firewall-type setups. Are there plans to implement it?

Claudio and I are (somewhat slower than expected) working on it. We'll go
into detail there once we have completed the new natd (release candidate
available) and the TCP hostcache (80% done).

-- 
Andre
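A constructed illustration of the two RFC 1122 models discussed in this thread (added here; not code from FreeBSD or from either poster): a toy multihomed host with two made-up interfaces and a made-up routing table, where the weak ES send path consults the routing table only, the strong ES send path is bound to the interface that owns the source address, and the receive check mirrors what the check_interface sysctl is described as doing.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Iface:
    name: str
    addr: IPv4Address


# Constructed multihomed host: two interfaces on two subnets (RFC 5737 ranges).
IFACES = {
    "fxp0": Iface("fxp0", IPv4Address("192.0.2.10")),
    "fxp1": Iface("fxp1", IPv4Address("198.51.100.10")),
}
# Constructed routing table: (prefix, outgoing interface); default route via fxp0.
ROUTES = (
    (IPv4Network("192.0.2.0/24"), "fxp0"),
    (IPv4Network("198.51.100.0/24"), "fxp1"),
    (IPv4Network("0.0.0.0/0"), "fxp0"),
)


def route_lookup(dst: str) -> str:
    """Longest-prefix match on the destination only, as a plain routing table does."""
    d = IPv4Address(dst)
    return max((r for r in ROUTES if d in r[0]), key=lambda r: r[0].prefixlen)[1]


def weak_es_send(src: Optional[str], dst: str) -> Tuple[str, str]:
    """Weak ES: the routing table picks the interface; the source address is ignored,
    so a packet sourced from fxp1's address can leave via fxp0 (the mismatch at issue)."""
    ifn = route_lookup(dst)
    return ifn, src or str(IFACES[ifn].addr)


def strong_es_send(src: Optional[str], dst: str) -> Tuple[str, str]:
    """Strong ES: a packet whose source is already one of our addresses must leave the
    interface owning that address; an unbound packet is routed first and then takes
    the chosen interface's address as its source."""
    if src is not None:
        for ifn, iface in IFACES.items():
            if str(iface.addr) == src:
                return ifn, src
        raise ValueError(f"{src} is not a local address")
    ifn = route_lookup(dst)
    return ifn, str(IFACES[ifn].addr)


def strong_es_receive(ifn: str, dst: str) -> bool:
    """Receive side (what check_interface is described as enforcing): accept a unicast
    packet only if it arrives on the interface configured with its destination address."""
    return str(IFACES[ifn].addr) == dst
```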