On Sun, May 17, 2009 at 11:39 AM, Felipe Alfaro Solana < felipe.alf...@gmail.com> wrote:
> On Sun, May 17, 2009 at 9:57 AM, Claudio Jeker
> <cje...@diehard.n-r-g.com> wrote:
>
>> On Sun, May 17, 2009 at 01:13:29AM +0200, Felipe Alfaro Solana wrote:
>> > Hi misc,
>> > route add allows one to specify a directly-connected route reachable over an
>> > interface, using the -interface switch. However, I can't seem to figure out
>> > if it's possible to specify just the interface name to the -interface
>> > switch. According to the manual page, only an IP address is allowed:
>> >
>> > """
>> > If the destination is directly reachable via an interface requiring no
>> > intermediary system to act as a gateway, the -interface modifier should
>> > be specified; the gateway given is the address of this host on the common
>> > network, indicating the interface to be used for transmission.
>> > """
>> >
>> > The thing is the interface I want to use with the -interface switch does not
>> > have a static IP address. I could script something to get the current IP
>> > address of that interface but looks hacky to me. Is it possible to do
>> > something like?
>> >
>> > # route add -net 128.0.0.0/16 -interface vr2
>> >
>> > instead in OpenBSD? I'm a little bit confused since adding the route while
>> > using the IP address yields the following entry in the routing table:
>> >
>> > 128.0/16 link#3 UCS 0 0 - 8 vr2
>> >
>> > So, why is exactly that -interface wants an IP address but does not like
>> > interface names?
>> >
>>
>> ifconfig vr2 alias 128.0.0.1/16
>>
>> This will ensure that everything is correctly set up.
>> Doing it with route will most probably cause issues because it will not
>> setup everything correctly. You need an IP on that interface in that
>> network or it will not work.
>
> Thanks for your reply, Claudio.
>
> Initially, I tried setting up the alias directly in the vr2 interface.
> However, I had problems because vr2 is an Internet-facing interface that uses
> DHCP. I used to use a custom dhclient.conf configuration file as described
> in [1] but, for some reason, when the lease is renewed, I start to suffer
> packet loss. A tcpdump capture shows that some TCP connections are being
> sourced with the IP alias address and not the public IP address. That's why
> I tried using a loopback interface.
>

The problem with incorrectly-sourced IP datagrams seems to be NAT:

nat on vr2 inet from 172.16.0.1/24 to any -> (vr2) round-robin

This rule is created as:

nat on $ext_if from $int_if:network to any -> ($ext_if)

I understand the problem is the (vr2) round-robin. I have no idea, however,
how to prevent PF from using the two IP addresses (the public IP and the IP
alias). Any ideas how to force NAT to only use 1 IP address (the public IP
address)?

>
> This was my custom dhclient.conf:
>
> interface "vr2" {
>         supersede domain-name "my.domain";
>         supersede domain-name-servers 1.2.3.4;
> }
>
> alias {
>         interface "vr2";
>         fixed-address 128.0.0.1;
>         option subnet-mask 255.255.0.0;
> }
>
> First time I invoke dhclient, everything seems to work fine:
>
> # dhclient vr2
>
> DHCPREQUEST on vr2 to 255.255.255.255 port 67
> DHCPACK from 10.177.128.1
> bound to A.B.C.D -- renewal in 2590 seconds.
> # ifconfig vr2
> vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0d:b9:18:9b:fa
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::20d:b9ff:fe18:9bfa%vr2 prefixlen 64 scopeid 0x3
>         inet A.B.C.D netmask 0xfffffe00 broadcast 255.255.255.255
>         inet 128.0.0.1 netmask 0xffff0000 broadcast 128.0.255.255
>
> However, if I call dhclient one more time, the martian IP address seems to
> become the primary IP address and the public IP address the alias:
>
> # dhclient vr2
> DHCPREQUEST on vr2 to 255.255.255.255 port 67
> DHCPACK from 10.177.128.1
> bound to A.B.C.D -- renewal in 2579 seconds.
> # ifconfig vr2
> vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0d:b9:18:9b:fa
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::20d:b9ff:fe18:9bfa%vr2 prefixlen 64 scopeid 0x3
>         inet 128.0.0.1 netmask 0xffff0000 broadcast 128.0.255.255
>         inet A.B.C.D netmask 0xfffffe00 broadcast 255.255.255.255
>
> Even more funny, if I want to entirely remove the martian IP address I need
> to remove it twice:
>
> # ifconfig vr2
> vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0d:b9:18:9b:fa
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::20d:b9ff:fe18:9bfa%vr2 prefixlen 64 scopeid 0x3
>         inet 128.0.0.1 netmask 0xffff0000 broadcast 128.0.255.255
>         inet A.B.C.D netmask 0xfffffe00 broadcast 255.255.255.255
> # ifconfig vr2 delete 128.0.0.1
> # ifconfig vr2
> vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0d:b9:18:9b:fa
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::20d:b9ff:fe18:9bfa%vr2 prefixlen 64 scopeid 0x3
>         inet A.B.C.D netmask 0xfffffe00 broadcast 255.255.255.255
>         inet 128.0.0.1 netmask 0xffff0000 broadcast 128.0.255.255
> # ifconfig vr2 delete 128.0.0.1
> # ifconfig vr2
> vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0d:b9:18:9b:fa
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::20d:b9ff:fe18:9bfa%vr2 prefixlen 64 scopeid 0x3
>         inet A.B.C.D netmask 0xfffffe00 broadcast 255.255.255.255
>
> Is this a bug in dhclient? A bug in the OpenBSD kernel?
>
> Thanks in advance.
>
> [1]
> http://www.felipe-alfaro.org/blog/2009/05/08/openbsd-dynamic-and-static-ip-address-on-the-same-interface/
>
>> --
>> :wq Claudio
>
> --
> http://www.felipe-alfaro.org/blog/disclaimer/

--
http://www.felipe-alfaro.org/blog/disclaimer/
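
The two `ifconfig vr2` listings quoted in the message differ only in which IPv4 address is listed first. As an added example (not part of the original message or of OpenBSD), this shell check flags the state from the second listing, where the alias 128.0.0.1 is listed ahead of the DHCP-assigned address; the function names and `ALIAS_ADDR` are assumptions, and the sample listings are constructed from the quoted output.

```sh
#!/bin/sh
# Added example, not from the original message. Sample listings are
# constructed from the ifconfig output quoted above; A.B.C.D is the
# thread's redacted public address.

ALIAS_ADDR="128.0.0.1"   # address from the dhclient.conf alias block

# Print the IPv4 addresses in an ifconfig listing (stdin), in listed order.
inet_addrs() {
    awk '$1 == "inet" { print $2 }'
}

# Print the first IPv4 address in the listing.
primary_inet() {
    inet_addrs | head -n 1
}

# 0: first IPv4 address is not the alias; 1: alias is listed first;
# 2: listing has no IPv4 address.
check_primary() {
    first=$(printf '%s\n' "$1" | primary_inet)
    [ -n "$first" ] || return 2
    [ "$first" != "$ALIAS_ADDR" ]
}

AFTER_FIRST_RUN='vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::20d:b9ff:fe18:9bfa%vr2 prefixlen 64 scopeid 0x3
        inet A.B.C.D netmask 0xfffffe00 broadcast 255.255.255.255
        inet 128.0.0.1 netmask 0xffff0000 broadcast 128.0.255.255'

AFTER_SECOND_RUN='vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::20d:b9ff:fe18:9bfa%vr2 prefixlen 64 scopeid 0x3
        inet 128.0.0.1 netmask 0xffff0000 broadcast 128.0.255.255
        inet A.B.C.D netmask 0xfffffe00 broadcast 255.255.255.255'

# On a live system: check_primary "$(ifconfig vr2)"
for listing in "$AFTER_FIRST_RUN" "$AFTER_SECOND_RUN"; do
    if check_primary "$listing"; then
        echo "ok: $(printf '%s\n' "$listing" | primary_inet) is listed first"
    else
        echo "WARN: alias $ALIAS_ADDR is listed first; all IPv4: $(printf '%s\n' "$listing" | inet_addrs | tr '\n' ' ')"
    fi
done
```

Run after each lease renewal, the check gives an early signal that outbound connections may start using the alias as their source address.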