Re: Static route via address, not interface
From: Vladimir B. Grebenschikov (vova_at_fbsd.ru)
Date: 11/17/03
- Previous message: Kurt Jaeger: "Re: IPSec VPN & NATD (problem with alias_address vs redirect_addr ess)"
- In reply to: Jason Dixon: "Re: Static route via address, not interface"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: Jason Dixon <jason@dixongroup.net> Date: Mon, 17 Nov 2003 09:34:40 +0300
÷ ÐÔ, 14.11.2003, × 20:41, Jason Dixon ÐÉÛÅÔ:
> On Fri, 2003-11-14 at 07:38, Vladimir B. Grebenschikov wrote:
>
> > I guess - you already have 192.168.0.0/24 route entry, added by command:
> > ifconfig fxp0 192.168.0.53/24
> >
> > so now you need:
> > remove network route via interface:
> > route delete 192.168.0.0/24
> > add interface route (kernel should know how to reach router)
> > route add 192.168.0.1/32 -iface fxp0 -cloning
> > and then add network route via router
> > route add 192.168.0.0/24 192.168.0.1
>
> I guess I didn't make it clear enough, let me try again.
>
> I'm attempting to create a static route for my FreeBSD host so that
> *all* local traffic is routed across the gateway firewall, rather than
> being delivered on the local network segment, as is the default with
> LANs. If you view the routing table (below) again, you'll notice that
> traffic from the FreeBSD box (192.168.0.53) to another box on the same
> subnet (192.168.0.42) is still being delivered locally, rather than
> being routed through the gateway (192.168.0.1). This is *after* I've
> added a static route for 192.168.0.0/24 to use 192.168.0.1.
I understand you by previous message, so there is transcript of my
configuration (I have 172.22.2.0/24 segment attached with router
172.22.2.1 and my address 172.22.2.3)
Initial stage: I have directly routed subnet.
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif
Expire
default 172.22.2.1 UGSc 0 1 fxp0
127.0.0.1 127.0.0.1 UH 1 312 lo0
172.22.2/24 link#2 UC 0 0 fxp0
172.22.2.1 00:a0:c9:04:7d:2c UHLW 11 279 fxp0
1132
172.22.2.2 00:a0:c9:c7:fc:fa UHLW 1 57286 fxp0
1194
172.22.2.3 127.0.0.1 UGHS 0 1 lo0
172.22.2.255 ff:ff:ff:ff:ff:ff UHLWb 2 163 fxp0
Now I am removing routing of subnet directly via interface:
# route delete 172.22.2.0/24
delete net 172.22.2.0
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif
Expire
default 172.22.2.1 UGSc 1 1 fxp0
127.0.0.1 127.0.0.1 UH 1 312 lo0
172.22.2.3 127.0.0.1 UGHS 0 1 lo0
Now I am adding routing for router address only (kernel need to know how
to reach router)
# route add 172.22.2.1/32 -iface fxp0 -cloning
add net 172.22.2.1: gateway fxp0
# ping -c1 172.22.2.1
PING 172.22.2.1 (172.22.2.1): 56 data bytes
64 bytes from 172.22.2.1: icmp_seq=0 ttl=64 time=0.462 ms
--- 172.22.2.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.462/0.462/0.462/0.000 ms
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif
Expire
default 172.22.2.1 UGSc 1 1 fxp0
127.0.0.1 127.0.0.1 UH 1 312 lo0
172.22.2.1 00:a0:c9:04:7d:2c UHLW 0 1 fxp0
1196 =>
172.22.2.1/32 link#2 UCS 0 0 fxp0
172.22.2.3 127.0.0.1 UGHS 0 1 lo0
So, there is only route for router and myself in routing table.
No I'll add route for all 172.22.2 network:
add net 172.22.2.0: gateway 172.22.2.1
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif
Expire
default 172.22.2.1 UGSc 1 1 fxp0
127.0.0.1 127.0.0.1 UH 1 312 lo0
172.22.2/24 172.22.2.1 UGSc 0 0 fxp0
172.22.2.1 00:a0:c9:04:7d:2c UHLW 1 1 fxp0
1184 =>
172.22.2.1/32 link#2 UCS 0 0 fxp0
172.22.2.3 127.0.0.1 UGHS 0 1 lo0
Look 172.22.2.0/24 via 172.22.2.1, let's check it:
# ping -c1 172.22.2.2
PING 172.22.2.2 (172.22.2.2): 56 data bytes
36 bytes from dev (172.22.2.1): Redirect Host(New addr: 172.22.2.2)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 c802 0 0000 40 01 5675 172.22.2.3 172.22.2.2
> router complains here about possible direct way, by this can be
switched of by sysctl on router
64 bytes from 172.22.2.2: icmp_seq=0 ttl=64 time=0.611 ms
--- 172.22.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.611/0.611/0.611/0.000 ms
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif
Expire
default 172.22.2.1 UGSc 1 1 fxp0
127.0.0.1 127.0.0.1 UH 1 312 lo0
172.22.2/24 172.22.2.1 UGSc 0 1 fxp0
172.22.2.1 00:a0:c9:04:7d:2c UHLW 1 2 fxp0
1164 =>
172.22.2.1/32 link#2 UCS 0 0 fxp0
172.22.2.3 127.0.0.1 UGHS 0 1 lo0
#
Anyway all traffic directed through router
# ping -n -c1 -R 172.22.2.2
PING 172.22.2.2 (172.22.2.2): 56 data bytes
64 bytes from 172.22.2.2: icmp_seq=0 ttl=64 time=0.659 ms
RR: 172.22.2.1
172.22.2.2
172.22.2.3
--- 172.22.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.659/0.659/0.659/0.000 ms
#
-- Vladimir B. Grebenschikov <vova@fbsd.ru> SWsoft Inc. _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Kurt Jaeger: "Re: IPSec VPN & NATD (problem with alias_address vs redirect_addr ess)"
- In reply to: Jason Dixon: "Re: Static route via address, not interface"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
