Subject: Re: connection comes in fxp0 but response goes out fxp1 help?
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: None <firstname.lastname@example.org>
Date: 08/12/2001 16:18:09
First off, YES, I'm definitely interested. Please feel free to email
an attachment to me at your convenience.
Second, it looks like Paul Vixie had some multiple default route
patches so that this sort of behaviour can be automatic.
Third: Can I humbly ask for an official opinion as to why this sort of
option/functionality hasn't made it into the kernel? Logically,
intuitively, if traffic is coming in to IP 10.0.x.x, why would it make
sense to send traffic back out the 64.x.x.x interface with a source of
10.0.x.x? And why shouldn't two default routes be allowed--perhaps a
There was some discussion of the matter previous. Here are references:
(search for '"default" outgoing address')
(search for 'Multiple defaultroutes')
Thanks core et al.
> Stock, you can't - at least last I knew, and I doubt this has changed.
> Traffic always leaves via the interface implied by the route to the
> peer address.
> I did write a pseudo-interface which lets you do routing based on the
> source address. In this case, if I assume you have
> -----+----------------+----------- 10.0.0.0/8
> | 10.0.0.1 | 10.0.1.2
> +----------+ +----fxp0---+ +----------+
> | Router 1 | | Webserver | | Router 2 |
> +----------+ +----fxp1---+ +----------+
> | 220.127.116.11 | 18.104.22.168
> -------+---------------------+----------- 22.214.171.124/24
> then you might set it up thus:
> srtconfig srt0 set 0 10.0.0.0 /8 fxp0 10.0.0.1
> srtconfig srt0 set 1 126.96.36.199 /24 fxp1 188.8.131.52
> ifconfig srt0 192.168.0.1 192.168.0.2 up
> route add default 192.168.0.2
> Then, off-LAN outgoing traffic will be routed to srt0, which will look
> at the source address in the outgoing packet:
> if it's in 10.0.0.0/8, next hop is 10.0.1.1 via fxp0
> if it's in 184.108.40.206/24, next hop is 220.127.116.11 via fxp1
> otherwise, drop the packet
> The reason for giving srt0 an address and routing via it is that this
> logic applies only to packets transmitted on the srt interface. So we
> have to get the traffic we care about sent out srt0.
> It's for 1.4T, but the interfaces it depends on have been pretty stable
> for a while, so it probably would require little to no work to port
> forward to -current or backward to 1.4.x; I didn't see any mention of
> what version you're using.
> As always, I'll be happy to send a copy to whoever wants it.
> /~\ The ASCII der Mouse
> \ / Ribbon Campaign
> X Against HTML email@example.com
> / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B