Subject: Re: routing by source address using srt and ipf
To: Eric Haszlakiewicz <email@example.com>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 01/19/2005 05:32:58
> I've been trying to set up my router to route packets based on the
> source address. [...]
> then I found derMouse's srt interface, which sounds like it's about
> what I need. I ported it to NetBSD 2.0 (the verion on his ftp site
> seems to be from sometime before 1.5N),
Right. 1.4T, to be precise, like almost all my work.
> got it somewhat working, but then couldn't figure out how to
> configure it to do what I wanted. It would end up changing the
> source address of packets to the local address of the srt interface.
*Changing*? That is definitely a bug.
But if this really is "changes things so that packets are originated
with their source address set to the srt interface's address", that is
normal. When packets are originated, they get their source address set
to the address configured on the interface they go out via, and srt0
does nothing to change that.
Since srt is a POINTOPOINT interface, you can configure its address to
match your usual IP address, if that's what you want. (I have been
known to use an srt interface configured to route everything to the
same place specifically to get the differing source address semantics.)
> I'm not sure whether this is a bug in srt, a bug in porting it to
> 2.0, or a misunderstanding on my part as to how it is supposed to
Most likely the last, I'd hazard to guess.
> oaddr1, inthost_addr1,
> ogw (oaddr2) int_addr inthost_addr2 (nat'd bimap oaddr2, naddr2)
> onet ----------router-------------- internal host
> ngw (naddr2)|
> nnet ----------------
> What I want to have happen is for traffic to/from IP addresses oaddr1
> and oaddr2 to go out the old inet interface, but traffic to/from
> naddr1 and naddr2 to go out the new inet interface.
> And, all traffic to oaddr2/naddr2 ends up at the internal host.
I'm not sure how this is going to interact with ipnat; I don't use NAT,
so I never cared how srt interacted with it. But if we're talking
about just the *addr1 addresses, then here's a setup, assuming
- you're not using 172.16/12 addresses for anything else
- you want traffic originating from router to come from naddr1 (and
thus go out via ngw)
- on router, ogw is reached via interface oif0 and ngw is reached via
interface bonk0..uh, nif0
- there should never be any traffic going out with any from address
except oaddr1 or naddr1, and thus we can drop any such
ifconfig srt0 naddr1 172.16.0.1
srtconfig srt0 set 0 naddr1 /32 nif0 ngw
srtconfig srt0 set 1 oaddr1 /32 oif0 ogw
route add default 172.16.0.1
Now, traffic to (say) 22.214.171.124 will take the default route and go out
srt0 with next-hop address 172.16.0.1. The srt code will take this and
peek at ip_src; it will then either hand it to nif0 with ngw as the
next-hop address (if ip_src is naddr1) or oif0 with ogw as the next-hop
address (if ip_src is oaddr1), or else drop it (otherwise).
If router itself originates the traffic to 126.96.36.199, it will go out
stamped with a source address of the srt0 local address, which is
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML firstname.lastname@example.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B