From: "Vladimir B. Grebenschikov"
To: Jason Dixon
Cc: freebsd-net@freebsd.org
Subject: Re: Static route via address, not interface
Date: Mon, 17 Nov 2003 09:34:40 +0300
Organization: SWsoft Inc.
Message-Id: <1069050878.1941.7.camel@localhost>

On Fri, 14.11.2003, at 20:41, Jason Dixon wrote:
> On Fri, 2003-11-14 at 07:38, Vladimir B. Grebenschikov wrote:
>
> > I guess - you already have 192.168.0.0/24 route entry, added by command:
> > ifconfig fxp0 192.168.0.53/24
> >
> > so now you need:
> > remove network route via interface:
> >  route delete 192.168.0.0/24
> > add interface route (kernel should know how to reach router)
> >  route add 192.168.0.1/32 -iface fxp0 -cloning
> > and then add network route via router
> >  route add 192.168.0.0/24 192.168.0.1
>
> I guess I didn't make it clear enough, let me try again.
>
> I'm attempting to create a static route for my FreeBSD host so that
> *all* local traffic is routed across the gateway firewall, rather than
> being delivered on the local network segment, as is the default with
> LANs. If you view the routing table (below) again, you'll notice that
> traffic from the FreeBSD box (192.168.0.53) to another box on the same
> subnet (192.168.0.42) is still being delivered locally, rather than
> being routed through the gateway (192.168.0.1). This is *after* I've
> added a static route for 192.168.0.0/24 to use 192.168.0.1.

I understood you from the previous message, so here is a transcript of my
configuration (I have a 172.22.2.0/24 segment attached, with router
172.22.2.1 and my address 172.22.2.3).

Initial stage: I have a directly routed subnet.

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        0        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2/24        link#2             UC          0        0   fxp0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW       11      279   fxp0   1132
172.22.2.2         00:a0:c9:c7:fc:fa  UHLW        1    57286   fxp0   1194
172.22.2.3         127.0.0.1          UGHS        0        1    lo0
172.22.2.255       ff:ff:ff:ff:ff:ff  UHLWb       2      163   fxp0

Now I am removing the routing of the subnet directly via the interface:

# route delete 172.22.2.0/24
delete net 172.22.2.0
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        1        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0

Now I am adding routing for the router address only (the kernel needs to
know how to reach the router):

# route add 172.22.2.1/32 -iface fxp0 -cloning
add net 172.22.2.1: gateway fxp0
# ping -c1 172.22.2.1
PING 172.22.2.1 (172.22.2.1): 56 data bytes
64 bytes from 172.22.2.1: icmp_seq=0 ttl=64 time=0.462 ms

--- 172.22.2.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.462/0.462/0.462/0.000 ms
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        1        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW        0        1   fxp0   1196 =>
172.22.2.1/32      link#2             UCS         0        0   fxp0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0

So, there are only routes for the router and myself in the routing table.

Now I'll add a route for all of the 172.22.2 network:

add net 172.22.2.0: gateway 172.22.2.1
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        1        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2/24        172.22.2.1         UGSc        0        0   fxp0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW        1        1   fxp0   1184 =>
172.22.2.1/32      link#2             UCS         0        0   fxp0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0

Look, 172.22.2.0/24 is via 172.22.2.1; let's check it:

# ping -c1 172.22.2.2
PING 172.22.2.2 (172.22.2.2): 56 data bytes
36 bytes from dev (172.22.2.1): Redirect Host(New addr: 172.22.2.2)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 c802   0 0000  40  01 5675 172.22.2.3  172.22.2.2

> the router complains here about a possible direct way, but this can be
> switched off by sysctl on the router

64 bytes from 172.22.2.2: icmp_seq=0 ttl=64 time=0.611 ms

--- 172.22.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.611/0.611/0.611/0.000 ms
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        1        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2/24        172.22.2.1         UGSc        0        1   fxp0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW        1        2   fxp0   1164 =>
172.22.2.1/32      link#2             UCS         0        0   fxp0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0
#

Anyway, all traffic is directed through the router:

# ping -n -c1 -R 172.22.2.2
PING 172.22.2.2 (172.22.2.2): 56 data bytes
64 bytes from 172.22.2.2: icmp_seq=0 ttl=64 time=0.659 ms
RR:     172.22.2.1
        172.22.2.2
        172.22.2.3

--- 172.22.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.659/0.659/0.659/0.000 ms
#

-- 
Vladimir B. Grebenschikov
SWsoft Inc.
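
A check for the end state reached in the message above, as an added example that is not part of the original post: it reads `netstat -rn` output in the column layout of the transcript (Netif in the sixth column) and reports any route that would still deliver same-subnet traffic without passing the gateway. The function name `audit_routes`, its finding labels and the `UGHD` line are constructed for illustration; `D` is the flag netstat uses for a route created dynamically by a redirect.

```shell
#!/bin/sh
# Added example, not from the original message. Reads `netstat -rn` output on
# stdin and reports IPv4 routes inside NET that do not go through GW.
# Live use: netstat -rn | audit_routes 172.22.2.0/24 172.22.2.1
audit_routes() {
    awk -v net="$1" -v gw="$2" '
    # Dotted quad to integer; netstat drops trailing zero octets ("172.22.2").
    function ip2int(s,    o, n, i, v) {
        n = split(s, o, "."); v = 0
        for (i = 1; i <= 4; i++) v = v * 256 + (i <= n ? o[i] : 0)
        return v
    }
    BEGIN { split(net, p, "/"); size = 2 ^ (32 - p[2]); base = ip2int(p[1]) }
    $1 !~ /^[0-9]/ { next }                 # headers and "default"
    {
        split($1, d, "/"); flags = $3
        if (int(ip2int(d[1]) / size) != int(base / size)) next  # outside NET
        if (d[1] == gw || $6 ~ /^lo/) next  # gateway itself, own address
        if (flags ~ /D/) why = "redirect-learned"
        else if (flags ~ /H/ && $2 != gw) why = "direct-host"
        else if ($2 != gw || flags !~ /G/) why = "onlink-net"
        else next                           # routed via the gateway
        printf "%s %s via %s (%s)\n", why, $1, $2, flags; bad++
    }
    END { exit (bad > 0) }'
}
# First and last routing tables from the message (Expire column dropped).
table_before() { cat <<'EOF'
default            172.22.2.1         UGSc        0        1   fxp0
172.22.2/24        link#2             UC          0        0   fxp0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW       11      279   fxp0
172.22.2.2         00:a0:c9:c7:fc:fa  UHLW        1    57286   fxp0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0
EOF
}
table_after() { cat <<'EOF'
default            172.22.2.1         UGSc        1        1   fxp0
172.22.2/24        172.22.2.1         UGSc        0        1   fxp0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW        1        2   fxp0
172.22.2.1/32      link#2             UCS         0        0   fxp0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0
EOF
}
# Constructed case: the final table plus a host route created by a redirect.
table_redirected() { table_after; echo "172.22.2.2 172.22.2.2 UGHD 0 1 fxp0"; }

for t in table_before table_after table_redirected; do
    echo "== $t"; "$t" | audit_routes 172.22.2.0/24 172.22.2.1 || true
done
```

The function exits non-zero when it prints at least one finding, so it can gate a periodic check on the host.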