Static route via address, not interface

Jason Dixon jason at dixongroup.net
Thu Nov 13 22:02:54 PST 2003


Sorry if this is well-traveled territory, but I haven't found anything
relevant in the lists, handbook or FAQ.

I have a setup on a network where 802.11b traffic from a group of
wireless hosts is "reflected" off the internal interface of an OpenBSD
firewall.  In order to encrypt all wireless traffic, I enforce a series
of host tunnels from the wireless clients into the gateway.  This
requires that *all* LAN hosts "bounce" off the firewall in order to
ensure proper routing both ways.

For any traffic destined from one of these systems (say, my Linux
laptop, for example) to another local host, packets traverse an IPsec
tunnel, exit on enc0 of the firewall, and are NATted back into the wired
segment (fxp1).  With Linux and Windows hosts, I'm able to add static
routes to bind to the gateway IP address (192.168.0.1).

Unfortunately, it appears that FreeBSD (4.9-RELEASE) ignores my intent,
instead assuming(?) that I wish to assign the route to the interface,
rather than the IP.  The expected behavior is that traffic is routed
locally, rather than across the gateway, breaking all TCP traffic.

Any ideas?  Am I overlooking something simple?  Here is the route
command I've used and my routing table:

route add -net 192.168.0.0 192.168.0.1 -netmask 255.255.255.0

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        2        0   fxp0
127.0.0.1          127.0.0.1          UH          1        0    lo0
192.168.0          link#1             UC          3        0   fxp0
192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3      808   fxp0    596
192.168.0.42       00:05:5d:a6:df:e3  UHLW        1       63   fxp0    992
192.168.0.53       127.0.0.1          UGHS        0        0    lo0


Thanks in advance,

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
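
The routing table quoted in the message can be checked mechanically to see which local destinations would bypass the firewall. The following is an added example, not part of the original post: it parses that table and does a longest-prefix match. The helper names, the octet-count reading of abbreviated destinations, and the test destinations 192.168.0.99 and 10.1.2.3 are assumptions made for illustration.

```python
import ipaddress

# Routing table copied from the post above (FreeBSD `netstat -rn` layout).
TABLE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGSc        2        0   fxp0
127.0.0.1          127.0.0.1          UH          1        0    lo0
192.168.0          link#1             UC          3        0   fxp0
192.168.0.1        00:a0:cc:e2:7e:f4  UHLW        3      808   fxp0    596
192.168.0.42       00:05:5d:a6:df:e3  UHLW        1       63   fxp0    992
192.168.0.53       127.0.0.1          UGHS        0        0    lo0
"""

def parse_dest(text):
    """Turn a netstat destination into a network. Assumption: an abbreviated
    form such as '192.168.0' means one prefix octet per printed octet (/24)."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in text:
        return ipaddress.ip_network(text, strict=False)
    octets = text.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse_table(table):
    routes = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 6:                          # Expire column is optional
            routes.append({"net": parse_dest(f[0]), "gateway": f[1], "flags": f[2], "netif": f[5]})
    return routes

def lookup(routes, dst):
    """Pick the most specific matching route (longest-prefix match)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen) if hits else None

def via_gateway(routes, dst, gateway):
    """True only if the selected route has the G flag and names the expected gateway."""
    r = lookup(routes, dst)
    return r is not None and "G" in r["flags"] and r["gateway"] == gateway

if __name__ == "__main__":
    routes = parse_table(TABLE)
    for dst in ("192.168.0.42", "192.168.0.99", "10.1.2.3"):   # last two are constructed
        r = lookup(routes, dst)
        print(dst, "->", r["gateway"], r["flags"], "via-firewall:", via_gateway(routes, dst, "192.168.0.1"))
```

On the table from the post, only off-subnet destinations select the route through 192.168.0.1; every 192.168.0.x destination resolves to a link-level entry on fxp0.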


