I have a multihomed box running Solaris 10 U8 (IP filter v4.1.9).
There are two interfaces, igb0 and igb2, both on the same subnet
(10.49.0.0/16) with, obviously, different IPs.

    igb0: 10.49.2.110/16
    igb2: 10.49.2.111/16

    Default Gateway: 10.49.254.254

When traffic destined for 10.49.2.111 enters igb2, by default replies 
go back out igb0.

I want anything with a source IP of 10.49.2.111 to go out igb2.

The following two rules work:

  (1) block out log quick on igb0 to igb2:10.49.254.254 from 10.49.2.111 to any
  (2) pass out log quick on igb0 to igb2:10.49.254.254 from 10.49.2.111 to any

But the downside is, if the destination is also on 10.49.0.0/16,
when it arrives it appears as if it's coming from the gateway instead
of from the MAC address of igb2.

I tried the following:

  (1) block out log quick on igb0 to igb2 from 10.49.2.111 to any
  (2) pass out log quick on igb0 to igb2 from 10.49.2.111 to any

But, while these rules don't complain and seem to show matches in the 
log, the packets never reach the destination.

Any suggestions?  Do I _have_ to specify a next-hop?  I just want the 
system to rely on its local ARP table for delivery, especially if the 
packet is destined to the local subnet...

I'm wondering if I could use dup-to to duplicate the packet to igb2
then drop it before it goes out the igb0 interface...

Any ideas?  I've seen other threads discussing this, but most folks are
able to use the nexthop/gateway for their needs...

Thanks,
Ray