Sourcing ICMP reply to a different ip address
Andre Oppermann
andre at freebsd.org
Tue Dec 9 05:03:33 PST 2003
haesu at towardex.com wrote:
>
> Hi,
>
> Is there any way to source the ICMP reply (i.e. ttl-exceeded for traceroute) on
> a FreeBSD box acting as router to an IP address different than the one bound on
> the interface, in which the destination route is pointed at?
>
> For example:
>
> Let's say we have an asymmetric routing situation here...
>
> A client host is 1.2.3.4, and the FreeBSD box has fxp0 with 2.2.2.2, and fxp1
> with 3.3.3.3,
>
> Client runs traceroute to a host routed by the FreeBSD router. The packet
> arrives on FreeBSD router's FXP0 interface. But the route for 1.2.3.4 (client)
> on router's routing table points out to FXP1.
>
> Here in this case, the icmp ttl-exceeded message from the FreeBSD router will
> be sourced from 3.3.3.3, which is the main ip address of FXP1 (hence, the
> interface where route for 1.2.3.4 (the client) is bound to).
>
> I'm looking to make it so that if a packet arrives on FXP0, I'd like the FreeBSD
> box to respond icmp ttl-exceeded OUT via FXP0, with source address of FXP0's IP.
> So in other words, I'd like to have icmp replies go out via the interface the
> packet originally hit the box, instead of via the interface that holds the
> route for the source of the packet. This type of implementation is done on
> some vendors (including Cisco) and sometimes can be helpful troubleshooting
> asym. routing situations.

Yes, this can be done. Nice feature for debugging as you say. I've got
a couple of other things in the priority queue first. It'll be after
Christmas/New Year until I can do it.

--
Andre

More information about the freebsd-net mailing list