Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 23 Sep 2008 09:49:18 +0400
From:      "Igor R" <igor4ml@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   Multiple routing tables (setfib) trouble
Message-ID:  <a53601230809222249t563149b0le4b0c0a73d9d93e7@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
Hello!

I'm using  FreeBSD 7.0-STABLE  (Jul 25) and I have two Internet
connections. Both are ethernet based, but one requires PPTP (2) while
another is direct with external IP address.
Trouble is that provider (1) of connection with external address is
limiting number of outgoing TCP connections (this was reason I got
another provider). So now my setup is
1) On boot I have default route to provider (1)
2) After MPD (PPTP) is up I replace default route with route to provider (2)
3) I use "route-to" and "reply-to" in /etc/pf.rules to route incoming
SSH and HTTP and outgoing HTTP via provider (1), also I use these
rules to provide routing to internal network of this provider
4) All other traffic (BitTorrent :-) ) is going via provider (2) via
ng0 (PPTP) interface
All works fine, but ... Provider with PPTP is less reliable and when
PPTP connection fails I have trouble connecting to my SSH server
(because DNS stops working)

So, after FreeBSD got multiple routing tables I tried this:

1)  On boot I have default route to provider (1)
2)  After MPD (PPTP) is up I do
2a) setfib 1 route add default PPTP_DEFAULT_GATEWAY
2b) setfib 1 /usr/local/etc/rc.d/tranmission restart

And here  are problems:
1) All outgoing traffic with fib==1 goes through provider (2) as
expected, answers are received
2) BUT ... incoming traffic looks strange: answers are sent through
default gateway with fib==0

I made simple test:

setfib 1 netcat -l 8000
  and then from outside:
telnet my_ip 8000
  I see (with tcpdump) incoming packets on ng0 (PPTP) inteface, but no
answers. If I start tcpdump on other provider interface I see packets
with answers. But if I try
setfib 1 traceroute some_host
then routing works via correct gateway

So, is it possible to have bittorrent daemon with FIB=1 :-)?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a53601230809222249t563149b0le4b0c0a73d9d93e7>