Sourcing ICMP reply to a different ip address

haesu_at_towardex.com
Date: 12/08/03

    Date: Mon, 8 Dec 2003 13:53:20 -0500
    To: freebsd-net@freebsd.org
    
    

    Hi,

    Is there any way to source the ICMP reply (i.e. ttl-exceeded for traceroute) on
    a FreeBSD box acting as router to an IP address different than the one bound on
    the interface, in which the destination route is pointed at?

    For example:

    Let's say we have an asymmetric routing situation here...

    A client host is 1.2.3.4, and the FreeBSD box has fxp0 with 2.2.2.2, and fxp1
    with 3.3.3.3.

    Client runs traceroute to a host routed by the FreeBSD router. The packet
    arrives on FreeBSD router's FXP0 interface. But the route for 1.2.3.4 (client)
    on router's routing table points out to FXP1.

    Here in this case, the icmp ttl-exceeded message from the FreeBSD router will
    be sourced from 3.3.3.3, which is the main ip address of FXP1 (hence, the
    interface where route for 1.2.3.4 (the client) is bound to).

    I'm looking to make it so that if a packet arrives on FXP0, I'd like the FreeBSD
    box to respond icmp ttl-exceeded OUT via FXP0, with source address of FXP0's IP.
    So in other words, I'd like to have icmp replies go out via the interface the
    packet originally hit the box, instead of via the interface that holds the
    route for the source of the packet. This type of implementation is done on
    some vendors (including Cisco) and sometimes can be helpful troubleshooting
    asym. routing situations.

    Any suggestions would be appreciated. Thanks

    -- 
    James Jun (formerly Haesu)
    Network Operations
    TowardEX Technologies, Inc.
    Consulting, colocation, web hosting, network design and implementation
    http://www.towardex.com  | james@towardex.com
    Cell: (978)394-2867      | Office: (978)263-3399 Ext. 170
    Fax: (978)263-0033       | AIM: GigabitEthernet0
    NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
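
The two source-selection behaviours described in the message above, modelled as an added example that is not part of the original post and is not FreeBSD code. The interface table, the routing table and the function names (`lookup_egress`, `icmp_reply`, `is_asymmetric`) are assumptions built from the addresses in the message.

```python
import ipaddress

# Constructed model of the router in the message: interface -> primary address.
INTERFACES = {"fxp0": "2.2.2.2", "fxp1": "3.3.3.3"}

# Constructed routing table as (prefix, egress interface). The /32 toward the
# client via fxp1 reproduces the asymmetric return path from the message.
ROUTES = [("0.0.0.0/0", "fxp0"), ("1.2.3.4/32", "fxp1")]


def lookup_egress(dst, routes=ROUTES):
    """Longest-prefix match: return the egress interface for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def icmp_reply(client, ingress_if, policy):
    """Return (egress_if, source_ip) for a ttl-exceeded sent back to client.

    policy "route":   follow the route to the client and use that interface's
                      address (the behaviour the message reports).
    policy "ingress": answer on the interface the packet arrived on, with that
                      interface's address (the behaviour the message asks for).
    """
    if ingress_if not in INTERFACES:
        raise ValueError(f"unknown interface {ingress_if}")
    if policy == "route":
        out = lookup_egress(client)
    elif policy == "ingress":
        out = ingress_if
    else:
        raise ValueError(f"unknown policy {policy}")
    return out, INTERFACES[out]


def is_asymmetric(client, ingress_if):
    """True when the return route leaves by a different interface."""
    return lookup_egress(client) != ingress_if


if __name__ == "__main__":
    for policy in ("route", "ingress"):
        print(policy, icmp_reply("1.2.3.4", "fxp0", policy))
```

With the "route" policy the traceroute hop shows an address from the return path, so comparing the two outputs for the same ingress interface is a quick way to spot where the forward and return paths diverge.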
    
