Subject: Re: connection comes in fxp0 but response goes out fxp1 help?
To: None <sudog@sudog.com>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 08/12/2001 16:34:11
> I also have a web-server sitting in here.  If traffic comes in
> through router #1 (and hits the web-server's 10.x address) I very
> much want the answer to go back out the 10.x interface.  If traffic
> comes in the other link (directly connected) I want the answer to do
> the same.

> How do I do this?

Stock, you can't - at least last I knew, and I doubt this has changed.
Traffic always leaves via the interface implied by the route to the
peer address.

I did write a pseudo-interface which lets you do routing based on the
source address.  In this case, if I assume you have

-----+----------------+-----------  10.0.0.0/8
     | 10.0.0.1       | 10.0.1.2
+----------+    +----fxp0---+          +----------+
| Router 1 |    | Webserver |          | Router 2 |
+----------+    +----fxp1---+          +----------+
                      | 12.34.56.78         | 12.34.56.1
               -------+---------------------+----------- 12.34.56.0/24

then you might set it up thus:

srtconfig srt0 set 0 10.0.0.0 /8 fxp0 10.0.0.1
srtconfig srt0 set 1 12.34.56.0 /24 fxp1 12.34.56.1
ifconfig srt0 192.168.0.1 192.168.0.2 up
route add default 192.168.0.2

Then, off-LAN outgoing traffic will be routed to srt0, which will look
at the source address in the outgoing packet:
	if it's in 10.0.0.0/8, next hop is 10.0.1.1 via fxp0
	if it's in 12.34.56.0/24, next hop is 12.34.56.1 via fxp1
	otherwise, drop the packet

The reason for giving srt0 an address and routing via it is that this
logic applies only to packets transmitted on the srt interface.  So we
have to get the traffic we care about sent out srt0.

It's for 1.4T, but the interfaces it depends on have been pretty stable
for a while, so it probably would require little to no work to port
forward to -current or backward to 1.4.x; I didn't see any mention of
what version you're using.

As always, I'll be happy to send a copy to whoever wants it.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
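
The per-packet decision described in the message above (match the source address against each configured prefix, pick that entry's interface and next hop, otherwise drop), as an added user-space example; it is not the srt driver or code from the original post. The struct and function names are hypothetical, the two table entries are taken from the srtconfig lines, and the sample source addresses are constructed.

```c
/* Added illustration of source-address next-hop selection.
 * Not the srt driver: src_route and select_by_source are hypothetical names. */
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

struct src_route {
    const char *prefix;   /* source network */
    int         plen;     /* prefix length */
    const char *ifname;   /* outgoing interface */
    const char *nexthop;  /* gateway reachable on that interface */
};

/* The same two entries as the srtconfig lines in the message. */
static const struct src_route table[] = {
    { "10.0.0.0",   8,  "fxp0", "10.0.0.1"   },
    { "12.34.56.0", 24, "fxp1", "12.34.56.1" },
};

/* Host-order netmask for a prefix length in 0..32. */
static uint32_t mask_of(int plen) {
    return plen == 0 ? 0 : 0xffffffffu << (32 - plen);
}

/* Return the entry whose prefix contains src, or NULL meaning "drop". */
const struct src_route *select_by_source(const char *src) {
    struct in_addr s, p;
    if (inet_pton(AF_INET, src, &s) != 1)
        return NULL;                      /* unparsable source: drop */
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (inet_pton(AF_INET, table[i].prefix, &p) != 1)
            continue;
        uint32_t m = mask_of(table[i].plen);
        if ((ntohl(s.s_addr) & m) == (ntohl(p.s_addr) & m))
            return &table[i];
    }
    return NULL;                          /* no matching prefix: drop */
}

int main(void) {
    /* Constructed source addresses of outgoing reply packets. */
    const char *srcs[] = { "10.0.1.2", "12.34.56.78", "192.168.0.1" };
    for (size_t i = 0; i < sizeof srcs / sizeof srcs[0]; i++) {
        const struct src_route *r = select_by_source(srcs[i]);
        if (r) printf("%-12s -> %s via %s\n", srcs[i], r->nexthop, r->ifname);
        else   printf("%-12s -> drop\n", srcs[i]);
    }
    return 0;
}
```

The destination address plays no part in the selection, so a reply sourced from the web server's 10.x address goes back out fxp0 and one sourced from 12.34.56.78 goes out fxp1, whatever the peer is.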