Subject: Re: connection comes in fxp0 but response goes out fxp1 help?
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Matthew <M@MLNET.NET>
List: tech-net
Date: 08/13/2001 06:51:39
der Mouse,

Yes please - I am using 1.4.2

This is useful for multiple leased lines with different IP allocations from different
ISPs who refuse to use BGP for whatever reason.

Should something like this be included in NetBSD?  I would like it.

Regards

M

der Mouse wrote:
> 
> > I also have a web-server sitting in here.  If traffic comes in
> > through router #1 (and hits the web-server's 10.x address) I very
> > much want the answer to go back out the 10.x interface.  If traffic
> > comes in the other link (directly connected) I want the answer to do
> > the same.
> 
> > How do I do this?
> 
> Stock, you can't - at least last I knew, and I doubt this has changed.
> Traffic always leaves via the interface implied by the route to the
> peer address.
> 
> I did write a pseudo-interface which lets you do routing based on the
> source address.  In this case, if I assume you have
> 
> -----+----------------+-----------  10.0.0.0/8
>      | 10.0.0.1       | 10.0.1.2
> +----------+    +----fxp0---+          +----------+
> | Router 1 |    | Webserver |          | Router 2 |
> +----------+    +----fxp1---+          +----------+
>                       | 12.34.56.78         | 12.34.56.1
>                -------+---------------------+----------- 12.34.56.0/24
> 
> then you might set it up thus:
> 
> srtconfig srt0 set 0 10.0.0.0 /8 fxp0 10.0.0.1
> srtconfig srt0 set 1 12.34.56.0 /24 fxp1 12.34.56.1
> ifconfig srt0 192.168.0.1 192.168.0.2 up
> route add default 192.168.0.2
> 
> Then, off-LAN outgoing traffic will be routed to srt0, which will look
> at the source address in the outgoing packet:
>         if it's in 10.0.0.0/8, next hop is 10.0.1.1 via fxp0
>         if it's in 12.34.56.0/24, next hop is 12.34.56.1 via fxp1
>         otherwise, drop the packet
> 
> The reason for giving srt0 an address and routing via it is that this
> logic applies only to packets transmitted on the srt interface.  So we
> have to get the traffic we care about sent out srt0.
> 
> It's for 1.4T, but the interfaces it depends on have been pretty stable
> for a while, so it probably would require little to no work to port
> forward to -current or backward to 1.4.x; I didn't see any mention of
> what version you're using.
> 
> As always, I'll be happy to send a copy to whoever wants it.
> 
> /~\ The ASCII                           der Mouse
> \ / Ribbon Campaign
>  X  Against HTML               mouse@rodents.montreal.qc.ca
> / \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
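
Added example, not part of either message and not der Mouse's srt code: a Python model of the source-address selection described in the quoted text, set beside the stock destination-based lookup. The srtconfig field layout is inferred from the two lines in the message; the stock route table with a single default via Router 2 and the client address 203.0.113.9 are assumptions made for illustration.

```python
import ipaddress

# The two srtconfig lines from the message. Field layout assumed from them:
# srtconfig <if> set <index> <network> </prefix> <out interface> <next hop>
SRT_CONFIG = """\
srtconfig srt0 set 0 10.0.0.0 /8 fxp0 10.0.0.1
srtconfig srt0 set 1 12.34.56.0 /24 fxp1 12.34.56.1
"""

# Assumed stock table: two connected networks plus one default via Router 2.
STOCK_ROUTES = [
    (ipaddress.ip_network("10.0.0.0/8"), "fxp0", None),
    (ipaddress.ip_network("12.34.56.0/24"), "fxp1", None),
    (ipaddress.ip_network("0.0.0.0/0"), "fxp1", "12.34.56.1"),
]

def parse_srt(text):
    """Return [(source network, interface, next hop)] ordered by rule index."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] != "srtconfig" or f[2] != "set":
            continue  # ignore anything that is not a 'set' line
        net = ipaddress.ip_network(f[4] + f[5])  # "10.0.0.0" + "/8"
        rules.append((int(f[3]), net, f[6], f[7]))
    return [r[1:] for r in sorted(rules, key=lambda r: r[0])]

def srt_egress(rules, src):
    """Source-based choice: first rule containing the packet's source address."""
    addr = ipaddress.ip_address(src)
    for net, ifname, gw in rules:
        if addr in net:
            return ifname, gw
    return None  # no rule matched: the packet is dropped

def stock_egress(routes, dst):
    """Destination-based choice: longest-prefix match on the peer address."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    best = max(hits, key=lambda r: r[0].prefixlen, default=None)
    return None if best is None else (best[1], best[2])

if __name__ == "__main__":
    rules = parse_srt(SRT_CONFIG)
    client = "203.0.113.9"  # constructed off-LAN peer
    for src in ("10.0.1.2", "12.34.56.78", "192.168.0.1"):
        print(src, "stock:", stock_egress(STOCK_ROUTES, client),
              "srt:", srt_egress(rules, src))
```

The model covers only off-LAN replies, which are the packets the default route hands to srt0 in the setup above.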