Re: npf and source routing

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Sun, Oct 11, 2020 at 02:52:59PM -0400, Mouse wrote:
> >> Sounds like what srt is designed for.  (If srt has survived to the
> >> version you're using, that is.)
> > srt is still here.  But the documentation isn't very explicit on
> > setup; how do you force outgoing packets to go through srt ?
> 
> The same way you get outgoing traffic to use any other interface.  I
> typically do it by establishing a route out the srt interface,
> something like
> 
> 	ifconfig srt0 my.ad.dre.ss 10.255.255.254
> 	route add default 10.255.255.254
> 	...srtconfig commands to set up srt0...
> 
> (I usually use srt0 for my default route.  Change the route add as
> appropriate.)
> 
> If I assume a setup like
> 
> 	vlan0	10.0.0.2/24, upstream at 10.0.0.1
> 	vlan1	172.16.0.2/24, upstream at 172.16.0.1
> 
> with connections I initiate using the vlan0 address, then my first cut
> would be something like
> 
> 	...set up vlan0 and vlan1...
> 	ifconfig srt0 10.0.0.2 10.255.255.254
> 	route add default 10.255.255.254
> 	srtconfig srt0 set 0 10.0.0.0/24 vlan0 10.0.0.1
> 	srtconfig srt0 set 1 172.16.0.0/24 vlan1 172.16.0.1

unfortunably I couldn't get it to work. When I set the default route
to 10.255.255.254, packet don't go out, on eiter interface.
This is on netbsd-9 evbarm.

So back to ipfilter (yet another reason why we need to keep ipfilter, it seems)

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--