Date: Fri, 14 Nov 2003 15:38:30 +0300
From: "Vladimir B. Grebenschikov" <vova@fbsd.ru>
To: Jason Dixon <jason@dixongroup.net>
Cc: freebsd-net <net@freebsd.org>
Subject: Re: Static route via address, not interface
Message-ID: <1068813508.814.4.camel@localhost>
In-Reply-To: <1068789760.2775.18.camel@lappy.fuzzypenguin.net>
References: <1068789760.2775.18.camel@lappy.fuzzypenguin.net>

On Fri, 14.11.2003, at 09:02, Jason Dixon wrote:
> Sorry if this is well-traveled territory, but I haven't found anything
> relevant in the lists, handbook or FAQ.
>
> I have a setup on a network where 802.11b traffic from a group of
> wireless hosts is "reflected" off the internal interface of an OpenBSD
> firewall. In order to encrypt all wireless traffic, I enforce a series
> of host tunnels from the wireless clients into the gateway. This
> requires that *all* LAN hosts "bounce" off the firewall in order to
> ensure proper routing both ways.
>
> For any traffic destined from one of these systems (say, my Linux
> laptop, for example) to another local host, packets traverse an IPsec
> tunnel, exit on enc0 of the firewall, and are NATted back into the wired
> segment (fxp1). With Linux and Windows hosts, I'm able to add static
> routes to bind to the gateway IP address (192.168.0.1).
>
> Unfortunately, it appears that FreeBSD (4.9-RELEASE) ignores my intent,
> instead assuming(?) that I wish to assign the route to the interface,
> rather than the IP. The expected behavior is that traffic is routed
> locally, rather than across the gateway, breaking all TCP traffic.
>
> Any ideas? Am I overlooking something simple? Here is the route
> command I've used and my routing table:
>
> route add -net 192.168.0.0 192.168.0.1 -netmask 255.255.255.0
>
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.0.1        UGSc        2        0   fxp0
> 127.0.0.1          127.0.0.1          UH          1        0    lo0
> 192.168.0          link#1             UC          3        0   fxp0
> 192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3      808   fxp0    596
> 192.168.0.42       00:05:5d:a6:df:e3  UHLW        1       63   fxp0    992
> 192.168.0.53       127.0.0.1          UGHS        0        0    lo0

I guess - you already have 192.168.0.0/24 route entry, added by command:

  ifconfig fxp0 192.168.0.53/24

so now you need:

remove network route via interface:

  route delete 192.168.0.0/24

add interface route (kernel should know how to reach router)

  route add 192.168.0.1/32 -iface fxp0 -cloning

and then add network route via router

  route add 192.168.0.0/24 192.168.0.1

> Thanks in advance,

-- 
Vladimir B. Grebenschikov <vova@fbsd.ru>
SWsoft Inc.