On Friday 20 October 2006 21:42, Brian Hawk wrote:
I'm having a strange situation for quite sometime. I have two external
interfaces one of which is an ADSL interface tun0 and obtains IP address
dynamically and the other is a (xl1) leased line which has a static
global IP address, lets say 212.64.212.180. Both interfaces access
internet without any problem.

Recently I've configured qmail on this system to send out email thru xl1
interface and use ADSL only for web traffic. It used to work quite good
for a while but recently I noticed TCP packets have been going out from
tun0 and responses coming in thru xl1. tun0 and ADSL is the default
gateway. But the TCP packets are bound to 212.64.212.180 IP address
which should send them out thru xl1. But it doesn't.
No, you are wrong. Packet will be forwarded to default gateway through the interface which is on same network with it. You need some kind of policy routing. I'm not very familiar with ipf but with pf you can do:
Unfortunately it doesn't go thru the interface which has Src IP address same as with it. But goes thru the default gateway. But since the Src IP address in the IP packet is 212.64.212.180, all TCP replies come from the right interface (xl1) which makes sense because the devices on the internet wouldn't make the same mistake.
pass out on $ext_if0 route-to ($ext_if1 $ext_gw1) inet from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if0 $ext_gw0) inet from $ext_if0 to any
or with ipfw you can use "fwd" rule action.
a "fwd" cannot solve my problem because it likes to forward packets to a certain IP addr or an IP:port, which is not what I want. I just need to forward (or rather route) them thru an "interface". Again, I still think this is what FreeBSD should really be doing for packets which have interface's IP as Src IP addr in the IP header.
For the test, I did these

tcpdump -nt -i xl1 tcp &
telnet -s 212.64.212.180 smtp.tnet.com 25

connection establishes but I can see only the TCP response packets
coming from xl1, like the following

x.y.z.t > 212.64.212.180
x.y.z.t > 212.64.212.180

All from external IPs to my xl1 int. No packets going out from xl1 they
all go thru default gateway even if TCP connections are bound to xl1's
IP address.

I'd like to know if anybody knows why this happened and I can I turn
things back the way they were. Any help would be much appreciated.

My configuration is like this;

FreeBSD 5.4-RELEASE
ipf: IP Filter: v3.4.35 (336)
Kernel: IP Filter: v3.4.35
ipfw has no rules; allow ip from any to any
there's also a transparent proxy setup for squid

#~>netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            88.234.8.1         UGS         0 78722302   tun0
10/24              link#1             UC          0        0    rl0 =>
10                 10.1.1.222         UGS         0    26233    xl0
10.0.0.99          link#1             UHLW        0        4    rl0
10.1.1/24          link#2             UC          0        0    xl0
10.1.1.13          00:50:8d:ed:88:94  UHLW        0     1876    xl0   1118
10.1.1.222         00:01:02:df:c1:19  UHLW        1      689    lo0
10.1.1.225         00:b0:d0:20:b7:9e  UHLW        0    96690    xl0    706
88.234.8.1         88.234.14.26       UH          1        0   tun0
127.0.0.1          127.0.0.1          UH          0  2305904    lo0
192.168.0/16       link#3             UCS         0        0    xl1
212.64.212.176     ff:ff:ff:ff:ff:ff  UHLWb       0       15    xl1 =>
212.64.212.176/29  link#3             UC          0        0    xl1
212.64.212.180     00:04:76:9b:3d:f8  UHLW        0      125    lo0

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to