Re: IP "routing" issue
Abelenda Diego wrote this message on Wed, Sep 16, 2020 at 18:21 +0200:
> Thank you for your input.
>
> Due to how convoluted the change in the configuration of FreeBSD would have
> been I had to completely change my infrastructure to match the vision my
> datacenter unilaterally imposed on me... So now I don't have this need
> anymore.

Ok. Glad you were able to solve your problem, though obviously not the
way you wanted to.

Just for the archives, this style of routing should work fine in FreeBSD.

> On Tue, 15 Sep 2020 12:10:52 -0700
> John-Mark Gurney wrote:
>
> > Abelenda Diego wrote this message on Thu, Sep 10, 2020 at 18:54 +0200:
> > > Hello,
> > >
> > > Thank you for pointing route "-iface" however I can't seem to manage
> > > what I want.
> > >
> > > When I use:
> > > "route add -host $IP_NOT_IN_SUBNET -iface bce0"
> > >
> > > I get "netstat -rn" to say something like:
> > >
> > > Internet:
> > > Destination         Gateway                Flags   Netif Expire
> > > default             $UPSTREAM_GW           UGS     bce0
> > > 10.0.0.1            link#7                 UHS     lo0
> > > $IP_NO_IN_SUBNET    $MAC_ADDRESS_OF_BCE0   UHS     bce0
> > >
> > > Which seem somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET
> > > and I get:
> > >
> > > root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> > > PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> > > 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
> > >
> > > Which doesn't seem appropriate at all wrt the routing table...
> > >
> > > Did I use "route add" wrong?
> > >
> > > Also I want to keep the setup simple, going through private IPs on the
> > > public VLAN of the datacenter might get me in trouble with them, and
> > > using other VLANs for that will be a pain.
> >
> > Can you provide a diagram of the network layout, and where the
> > configuration needs to go? Because if it's just the opnsense box that
> > needs the IP addresses, adding them as an alias to bce is enough to
> > make it work.
> >
> > If you're trying to do something else, like have boxes behind the
> > opnsense box have those IP addresses, then:
> > route add $IP_NO_IN_SUBNET $IP_OF_BOX_WITH_IP_NO_IN_SUBNET
> >
> > would just work.
> >
> > I just noticed the 10.0.0.1 IP on lo0, and that's a bit odd to have...
> >
> > > On Wed, 9 Sep 2020 17:35:45 +0200
> > > kaycee gb wrote:
> > >
> > > > On Wed, 9 Sep 2020 16:42:54 +0200,
> > > > Abelenda Diego wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > I've got a FreeBSD installation in a DataCenter that provided me
> > > > > with a single address IPv4 with an upstream gateway (cidr is fine
> > > > > the upstream gateway works everything is nice and running). I use
> > > > > this machine for Masquerading a private infrastructure.
> > > > >
> > > > > Now I need other machines with public IPv4 and when I requested the
> > > > > additional IPv4 to the DataCenter, they gave me a bunch of /32
> > > > > addresses saying that my previous IPv4 MUST be configured as
> > > > > next-hop on their side.
> > > > > From my understanding in FreeBSD the route command is unable to
> > > > > perform this kind of configuration where you tell that the IPv4 /32
> > > > > is available without next-hop (no via) on a specific link. I know
> > > > > the linux "ip route add $IP dev $LINK" configures this, but I
> > > > > cannot seem to map this knowledge to FreeBSD.
> > > > >
> > > > > Is it possible to perform this very special setup with any command
> > > > > on FreeBSD? If yes what is that command?
> > > > >
> > > > > Best regards,
> > > > > Diego Abelenda
> > > >
> > > > Hi,
> > > >
> > > > Do the other machines have a private address? Is it a problem if they
> > > > have one?
> > > > If it is possible, you can route via this private address on your
> > > > FreeBSD installation to the new one and assign a public/32 to the
> > > > last.
> > > >
> > > > Alternatively to doing routing like above, if you have a firewall
> > > > enabled on the first machine, you can do address forwarding between
> > > > the first and the new one.
> > > >
> > > > And last, maybe with something like -iface from "route" you can
> > > > achieve what you want.

--
John-Mark Gurney                              Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
Re: IP "routing" issue
Hello,

Thank you for your input.

Due to how convoluted the change in the configuration of FreeBSD would have
been I had to completely change my infrastructure to match the vision my
datacenter unilaterally imposed on me... So now I don't have this need
anymore.

Best regards,
Diego Abelenda

On Tue, 15 Sep 2020 12:10:52 -0700
John-Mark Gurney wrote:

> Abelenda Diego wrote this message on Thu, Sep 10, 2020 at 18:54 +0200:
> > Hello,
> >
> > Thank you for pointing route "-iface" however I can't seem to manage
> > what I want.
> >
> > When I use:
> > "route add -host $IP_NOT_IN_SUBNET -iface bce0"
> >
> > I get "netstat -rn" to say something like:
> >
> > Internet:
> > Destination         Gateway                Flags   Netif Expire
> > default             $UPSTREAM_GW           UGS     bce0
> > 10.0.0.1            link#7                 UHS     lo0
> > $IP_NO_IN_SUBNET    $MAC_ADDRESS_OF_BCE0   UHS     bce0
> >
> > Which seem somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and
> > I get:
> >
> > root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> > PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> > 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
> >
> > Which doesn't seem appropriate at all wrt the routing table...
> >
> > Did I use "route add" wrong?
> >
> > Also I want to keep the setup simple, going through private IPs on the
> > public VLAN of the datacenter might get me in trouble with them, and
> > using other VLANs for that will be a pain.
>
> Can you provide a diagram of the network layout, and where the
> configuration needs to go? Because if it's just the opnsense box that
> needs the IP addresses, adding them as an alias to bce is enough to
> make it work.
>
> If you're trying to do something else, like have boxes behind the
> opnsense box have those IP addresses, then:
> route add $IP_NO_IN_SUBNET $IP_OF_BOX_WITH_IP_NO_IN_SUBNET
>
> would just work.
>
> I just noticed the 10.0.0.1 IP on lo0, and that's a bit odd to have...
>
> > On Wed, 9 Sep 2020 17:35:45 +0200
> > kaycee gb wrote:
> >
> > > On Wed, 9 Sep 2020 16:42:54 +0200,
> > > Abelenda Diego wrote:
> > >
> > > > Hello,
> > > >
> > > > I've got a FreeBSD installation in a DataCenter that provided me
> > > > with a single address IPv4 with an upstream gateway (cidr is fine
> > > > the upstream gateway works everything is nice and running). I use
> > > > this machine for Masquerading a private infrastructure.
> > > >
> > > > Now I need other machines with public IPv4 and when I requested the
> > > > additional IPv4 to the DataCenter, they gave me a bunch of /32
> > > > addresses saying that my previous IPv4 MUST be configured as
> > > > next-hop on their side.
> > > > From my understanding in FreeBSD the route command is unable to
> > > > perform this kind of configuration where you tell that the IPv4 /32
> > > > is available without next-hop (no via) on a specific link. I know
> > > > the linux "ip route add $IP dev $LINK" configures this, but I cannot
> > > > seem to map this knowledge to FreeBSD.
> > > >
> > > > Is it possible to perform this very special setup with any command
> > > > on FreeBSD? If yes what is that command?
> > > >
> > > > Best regards,
> > > > Diego Abelenda
> > >
> > > Hi,
> > >
> > > Do the other machines have a private address? Is it a problem if they
> > > have one?
> > > If it is possible, you can route via this private address on your
> > > FreeBSD installation to the new one and assign a public/32 to the last.
> > >
> > > Alternatively to doing routing like above, if you have a firewall
> > > enabled on the first machine, you can do address forwarding between
> > > the first and the new one.
> > >
> > > And last, maybe with something like -iface from "route" you can
> > > achieve what you want.
Re: IP "routing" issue
Abelenda Diego wrote this message on Thu, Sep 10, 2020 at 18:54 +0200:
> Hello,
>
> Thank you for pointing route "-iface" however I can't seem to manage what
> I want.
>
> When I use:
> "route add -host $IP_NOT_IN_SUBNET -iface bce0"
>
> I get "netstat -rn" to say something like:
>
> Internet:
> Destination         Gateway                Flags   Netif Expire
> default             $UPSTREAM_GW           UGS     bce0
> 10.0.0.1            link#7                 UHS     lo0
> $IP_NO_IN_SUBNET    $MAC_ADDRESS_OF_BCE0   UHS     bce0
>
> Which seem somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I
> get:
>
> root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
>
> Which doesn't seem appropriate at all wrt the routing table...
>
> Did I use "route add" wrong?
>
> Also I want to keep the setup simple, going through private IPs on the
> public VLAN of the datacenter might get me in trouble with them, and using
> other VLANs for that will be a pain.

Can you provide a diagram of the network layout, and where the
configuration needs to go? Because if it's just the opnsense box that
needs the IP addresses, adding them as an alias to bce is enough to
make it work.

If you're trying to do something else, like have boxes behind the
opnsense box have those IP addresses, then:
route add $IP_NO_IN_SUBNET $IP_OF_BOX_WITH_IP_NO_IN_SUBNET

would just work.

I just noticed the 10.0.0.1 IP on lo0, and that's a bit odd to have...

> On Wed, 9 Sep 2020 17:35:45 +0200
> kaycee gb wrote:
>
> > On Wed, 9 Sep 2020 16:42:54 +0200,
> > Abelenda Diego wrote:
> >
> > > Hello,
> > >
> > > I've got a FreeBSD installation in a DataCenter that provided me with
> > > a single address IPv4 with an upstream gateway (cidr is fine the
> > > upstream gateway works everything is nice and running). I use this
> > > machine for Masquerading a private infrastructure.
> > >
> > > Now I need other machines with public IPv4 and when I requested the
> > > additional IPv4 to the DataCenter, they gave me a bunch of /32
> > > addresses saying that my previous IPv4 MUST be configured as next-hop
> > > on their side.
> > > From my understanding in FreeBSD the route command is unable to
> > > perform this kind of configuration where you tell that the IPv4 /32 is
> > > available without next-hop (no via) on a specific link. I know the
> > > linux "ip route add $IP dev $LINK" configures this, but I cannot seem
> > > to map this knowledge to FreeBSD.
> > >
> > > Is it possible to perform this very special setup with any command on
> > > FreeBSD? If yes what is that command?
> > >
> > > Best regards,
> > > Diego Abelenda
> >
> > Hi,
> >
> > Do the other machines have a private address? Is it a problem if they
> > have one?
> > If it is possible, you can route via this private address on your
> > FreeBSD installation to the new one and assign a public/32 to the last.
> >
> > Alternatively to doing routing like above, if you have a firewall
> > enabled on the first machine, you can do address forwarding between the
> > first and the new one.
> >
> > And last, maybe with something like -iface from "route" you can achieve
> > what you want.

--
John-Mark Gurney                              Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
Re: IP "routing" issue
10.09.2020 23:54, Abelenda Diego wrote:

> Thank you for pointing route "-iface" however I can't seem to manage what
> I want.
>
> When I use:
> "route add -host $IP_NOT_IN_SUBNET -iface bce0"
>
> I get "netstat -rn" to say something like:
>
> Internet:
> Destination         Gateway                Flags   Netif Expire
> default             $UPSTREAM_GW           UGS     bce0
> 10.0.0.1            link#7                 UHS     lo0
> $IP_NO_IN_SUBNET    $MAC_ADDRESS_OF_BCE0   UHS     bce0
>
> Which seem somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I
> get:
>
> root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
> PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
> 36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).
>
> Which doesn't seem appropriate at all wrt the routing table...

Such route means that an attempt to send any packet to the IP in question
results in broadcast ARP query for destination IP sent out of bce0.
It seems your upstream has arp proxy enabled, so it sends ARP reply with
its MAC address making your host send IP packet to $UPSTREAM_GW,
but its routing table points back to your $PUBLIC_IP_OF_BCE0, hence
redirection is generated.

You should not use "-iface bce0" but right interface name pointing to host
having target IP address. And if your own host has it, you do not need to
add any route at all, but assign additional IP as alias to bce0.

___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: IP "routing" issue
Hello,

Thank you for pointing route "-iface" however I can't seem to manage what I
want.

When I use:
"route add -host $IP_NOT_IN_SUBNET -iface bce0"

I get "netstat -rn" to say something like:

Internet:
Destination         Gateway                Flags   Netif Expire
default             $UPSTREAM_GW           UGS     bce0
10.0.0.1            link#7                 UHS     lo0
$IP_NO_IN_SUBNET    $MAC_ADDRESS_OF_BCE0   UHS     bce0

Which seem somehow appropriate, so I try to ping $IP_NOT_IN_SUBNET and I get:

root@opnsense2:~ # ping $IP_NOT_IN_SUBNET
PING $IP_NOT_IN_SUBNET ($IP_NOT_IN_SUBNET): 56 data bytes
36 bytes from $UPSTREAM_GW: Redirect Host(New addr: $PUBLIC_IP_OF_BCE0).

Which doesn't seem appropriate at all wrt the routing table...

Did I use "route add" wrong?

Also I want to keep the setup simple, going through private IPs on the public
VLAN of the datacenter might get me in trouble with them, and using other
VLANs for that will be a pain.

Best regards,
Diego Abelenda

On Wed, 9 Sep 2020 17:35:45 +0200
kaycee gb wrote:

> On Wed, 9 Sep 2020 16:42:54 +0200,
> Abelenda Diego wrote:
>
> > Hello,
> >
> > I've got a FreeBSD installation in a DataCenter that provided me with a
> > single address IPv4 with an upstream gateway (cidr is fine the upstream
> > gateway works everything is nice and running). I use this machine for
> > Masquerading a private infrastructure.
> >
> > Now I need other machines with public IPv4 and when I requested the
> > additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> > saying that my previous IPv4 MUST be configured as next-hop on their
> > side.
> > From my understanding in FreeBSD the route command is unable to perform
> > this kind of configuration where you tell that the IPv4 /32 is available
> > without next-hop (no via) on a specific link. I know the linux
> > "ip route add $IP dev $LINK" configures this, but I cannot seem to map
> > this knowledge to FreeBSD.
> >
> > Is it possible to perform this very special setup with any command on
> > FreeBSD? If yes what is that command?
> >
> > Best regards,
> > Diego Abelenda
>
> Hi,
>
> Do the other machines have a private address? Is it a problem if they have
> one?
> If it is possible, you can route via this private address on your FreeBSD
> installation to the new one and assign a public/32 to the last.
>
> Alternatively to doing routing like above, if you have a firewall enabled
> on the first machine, you can do address forwarding between the first and
> the new one.
>
> And last, maybe with something like -iface from "route" you can achieve
> what you want.
>
> K.
Re: IP "routing" issue
09.09.2020 21:42, Abelenda Diego wrote:

> I've got a FreeBSD installation in a DataCenter that provided me with a
> single address IPv4 with an upstream gateway (cidr is fine the upstream
> gateway works everything is nice and running). I use this machine for
> Masquerading a private infrastructure.
>
> Now I need other machines with public IPv4 and when I requested the
> additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> saying that my previous IPv4 MUST be configured as next-hop on their side.
> From my understanding in FreeBSD the route command is unable to perform
> this kind of configuration where you tell that the IPv4 /32 is available
> without next-hop (no via) on a specific link. I know the linux
> "ip route add $IP dev $LINK" configures this, but I cannot seem to map
> this knowledge to FreeBSD.
>
> Is it possible to perform this very special setup with any command on
> FreeBSD? If yes what is that command?

This setup is not special and FreeBSD can do it, of course.

route add 1.1.1.1/32 2.2.2.2
route add 1.1.2.1/32 -iface vtnet0

In this example 2.2.2.2 plays role of your old public IP
and 1.1.X.X are for new addresses routed via 2.2.2.2 or directly to
interface vtnet0.

And there is rc.conf settings "static_routes" to create such setup:

static_routes="host1 host2 host3"
route_host1="1.1.1.1/32 2.2.2.2"
route_host2="1.1.2.1/32 -iface vtnet0"

This is documented with route(8) and rc.conf(5) manual pages.

In case of P2P interface such variants have no real difference other than
used way to specify outgoing interface: by next-hop address or by interface
name. P2P interface may have no address assigned for remote side.

In case of Ethernet-link interface the difference is related to underlying
ARP protocol cache, will it be asked for MAC address of specified next-hop
or directly for MAC address of target like 1.1.2.1.
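Added example, not part of the message above and not FreeBSD's own code: a small sh helper that turns a list of extra /32 addresses into the rc.conf(5) "static_routes" form shown in that message, choosing between the next-hop and "-iface" variants. The function names, the input format and the UPLINK_IF variable are assumptions of this example; it also assumes the extra addresses live behind an interface other than the uplink, so it refuses a host route out of the uplink interface, the setup that led to the redirect discussed in this thread.

```sh
#!/bin/sh
# Added example: emit rc.conf(5) static_routes lines for extra /32 addresses.
# Spec lines on stdin: "<name> <ipv4> <next-hop-ip | interface>".
# Assumption: UPLINK_IF (bce0 here, as in the thread) faces the upstream
# gateway and the extra addresses live behind some other interface, so a
# host route with "-iface $UPLINK_IF" is treated as a mistake.
UPLINK_IF="${UPLINK_IF:-bce0}"

is_ipv4() {
    # Dotted quad, four octets, each 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

gen_static_routes() {
    # Prints the rc.conf lines; returns 1 and prints no config if any
    # spec line is rejected (reasons go to stderr).
    names=""; body=""; bad=0
    while read -r name addr target; do
        case "$name" in
            ''|'#'*) continue ;;                      # blank line or comment
            *[!A-Za-z0-9_]*) echo "reject '$name': bad name" >&2
                             bad=1; continue ;;
        esac
        if ! is_ipv4 "$addr"; then
            echo "reject $name: bad address '$addr'" >&2; bad=1; continue
        fi
        if is_ipv4 "$target"; then
            spec="$addr/32 $target"                   # via next-hop address
        elif [ "$target" = "$UPLINK_IF" ]; then
            echo "reject $name: -iface $UPLINK_IF is the uplink" >&2
            bad=1; continue
        else
            case "$target" in
                ''|*[!A-Za-z0-9_.]*) echo "reject $name: bad target" >&2
                                     bad=1; continue ;;
            esac
            spec="$addr/32 -iface $target"            # directly on a link
        fi
        names="${names:+$names }$name"
        body="${body}route_${name}=\"${spec}\"
"
    done
    [ "$bad" -eq 0 ] || return 1
    printf 'static_routes="%s"\n%s' "$names" "$body"
}

# Constructed sample input, using the addresses from the message above.
gen_static_routes <<'EOF'
# name  address  next-hop or interface
host1   1.1.1.1  2.2.2.2
host2   1.1.2.1  vtnet0
EOF
```

The output is meant to be reviewed and pasted into rc.conf by hand; the script itself changes no routes.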
Re: IP "routing" issue
On Wed, 9 Sep 2020 16:42:54 +0200,
Abelenda Diego wrote:

> Hello,
>
> I've got a FreeBSD installation in a DataCenter that provided me with a
> single address IPv4 with an upstream gateway (cidr is fine the upstream
> gateway works everything is nice and running). I use this machine for
> Masquerading a private infrastructure.
>
> Now I need other machines with public IPv4 and when I requested the
> additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> saying that my previous IPv4 MUST be configured as next-hop on their side.
> From my understanding in FreeBSD the route command is unable to perform
> this kind of configuration where you tell that the IPv4 /32 is available
> without next-hop (no via) on a specific link. I know the linux
> "ip route add $IP dev $LINK" configures this, but I cannot seem to map
> this knowledge to FreeBSD.
>
> Is it possible to perform this very special setup with any command on
> FreeBSD? If yes what is that command?
>
> Best regards,
> Diego Abelenda

Hi,

Do the other machines have a private address? Is it a problem if they have
one?
If it is possible, you can route via this private address on your FreeBSD
installation to the new one and assign a public/32 to the last.

Alternatively to doing routing like above, if you have a firewall enabled on
the first machine, you can do address forwarding between the first and the
new one.

And last, maybe with something like -iface from "route" you can achieve what
you want.

K.
Re: IP "routing" issue
Hello Cristian,

Thank you for your pointer, however if I quote part of my question:

> From my understanding in FreeBSD the route command is unable to perform this
> kind of configuration where you tell that the IPv4 /32 is available without
> next-hop (no via) on a specific link.

I imply there that I read the man, tried quite a few things with the "route"
command and could not get anything out of it.

Best regards,
Diego Abelenda

On Wed, 9 Sep 2020 11:48:58 -0300
Cristian Cardoso wrote:

> Hi
> The equivalent command in FreeBSD for the ip route is the route,
> follow manpage https://www.freebsd.org/cgi/man.cgi?route
>
> On Wed, Sep 9, 2020 at 11:43, Abelenda Diego wrote:
> >
> > Hello,
> >
> > I've got a FreeBSD installation in a DataCenter that provided me with a
> > single address IPv4 with an upstream gateway (cidr is fine the upstream
> > gateway works everything is nice and running). I use this machine for
> > Masquerading a private infrastructure.
> >
> > Now I need other machines with public IPv4 and when I requested the
> > additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> > saying that my previous IPv4 MUST be configured as next-hop on their
> > side.
> > From my understanding in FreeBSD the route command is unable to perform
> > this kind of configuration where you tell that the IPv4 /32 is available
> > without next-hop (no via) on a specific link. I know the linux
> > "ip route add $IP dev $LINK" configures this, but I cannot seem to map
> > this knowledge to FreeBSD.
> >
> > Is it possible to perform this very special setup with any command on
> > FreeBSD? If yes what is that command?
> >
> > Best regards,
> > Diego Abelenda
Re: IP "routing" issue
Hi

The equivalent command in FreeBSD for the ip route is the route,
follow manpage https://www.freebsd.org/cgi/man.cgi?route

On Wed, Sep 9, 2020 at 11:43, Abelenda Diego wrote:
>
> Hello,
>
> I've got a FreeBSD installation in a DataCenter that provided me with a
> single address IPv4 with an upstream gateway (cidr is fine the upstream
> gateway works everything is nice and running). I use this machine for
> Masquerading a private infrastructure.
>
> Now I need other machines with public IPv4 and when I requested the
> additional IPv4 to the DataCenter, they gave me a bunch of /32 addresses
> saying that my previous IPv4 MUST be configured as next-hop on their side.
> From my understanding in FreeBSD the route command is unable to perform
> this kind of configuration where you tell that the IPv4 /32 is available
> without next-hop (no via) on a specific link. I know the linux
> "ip route add $IP dev $LINK" configures this, but I cannot seem to map
> this knowledge to FreeBSD.
>
> Is it possible to perform this very special setup with any command on
> FreeBSD? If yes what is that command?
>
> Best regards,
> Diego Abelenda
IP "routing" issue
Hello,

I've got a FreeBSD installation in a DataCenter that provided me with a single
address IPv4 with an upstream gateway (cidr is fine the upstream gateway works
everything is nice and running). I use this machine for Masquerading a private
infrastructure.

Now I need other machines with public IPv4 and when I requested the additional
IPv4 to the DataCenter, they gave me a bunch of /32 addresses saying that
my previous IPv4 MUST be configured as next-hop on their side.
From my understanding in FreeBSD the route command is unable to perform this
kind of configuration where you tell that the IPv4 /32 is available without
next-hop (no via) on a specific link. I know the linux "ip route add $IP dev
$LINK" configures this, but I cannot seem to map this knowledge to FreeBSD.

Is it possible to perform this very special setup with any command on FreeBSD?
If yes what is that command?

Best regards,
Diego Abelenda